
Windows Analysis Report
sNWQ2gC6if.exe

Overview

General Information

Sample name: sNWQ2gC6if.exe (renamed because the original name is a hash value)
Original sample name: cc2566eae03240ffc314e5bee2dc4d26.exe
Analysis ID: 1576847
MD5: cc2566eae03240ffc314e5bee2dc4d26
SHA1: 5e146c18717f7aa8cbd226ec750bce41bd8aa4b3
SHA256: 9f2583d6908053c7fdf7e8b2da4f578432e761adbf11cbeab3b78b7da71ed843
Tags: exe, LummaStealer, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • sNWQ2gC6if.exe (PID: 1548 cmdline: "C:\Users\user\Desktop\sNWQ2gC6if.exe" MD5: CC2566EAE03240FFC314E5BEE2DC4D26)
    • WerFault.exe (PID: 5896 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 840 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["immureprech.biz", "awake-weaves.cyou", "debonairnukk.xyz", "sordid-snaked.cyou", "diffuculttan.xyz", "effecterectz.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0xf88:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000003.1427054834.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.2.sNWQ2gC6if.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.2.sNWQ2gC6if.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.3.sNWQ2gC6if.exe.24c0000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.3.sNWQ2gC6if.exe.24c0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-17T16:42:09.422537+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.247880+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:14.453770+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-17T16:42:09.845092+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.681513+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.845092+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.681513+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.247880+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.422537+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:12.271683+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 64922 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:09.868010+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54509 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:11.979706+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 59942 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:11.834468+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 62890 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:11.693850+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 62042 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:08.032429+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54343 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:07.884805+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 58929 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:12.422329+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 53326 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:12.128254+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 63264 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:09.425171+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 104.131.68.180 | 443 | 192.168.2.8 | 49706 | TCP
2024-12-17T16:42:11.250794+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 104.131.68.180 | 443 | 192.168.2.8 | 49707 | TCP
2024-12-17T16:42:15.590398+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49708 | 23.55.153.106 | 443 | TCP

AV Detection

Source: https://sordid-snaked.cyou/apiYa | Avira URL Cloud: Label: malware
Source: https://immureprech.biz/apiR | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apiO | Avira URL Cloud: Label: malware
Source: 0.3.sNWQ2gC6if.exe.24c0000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["immureprech.biz", "awake-weaves.cyou", "debonairnukk.xyz", "sordid-snaked.cyou", "diffuculttan.xyz", "effecterectz.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou"], "Build id": "4h5VfH--"}
Source: sNWQ2gC6if.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: sNWQ2gC6if.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: awake-weaves.cyou
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: debonairnukk.xyz
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: diffuculttan.xyz
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: effecterectz.xyz
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: deafeninggeh.biz
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: immureprech.biz
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4h5VfH--

Compliance

Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Unpacked PE file: 0.2.sNWQ2gC6if.exe.400000.0.unpack
Source: sNWQ2gC6if.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49708 version: TLS 1.2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h0_2_0043CD60
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp al, 2Eh0_2_00426054
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_00426054
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B05D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B05D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B068
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B068
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]0_2_0040E83B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B05B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B05B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0040A940
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edx, ecx0_2_0040A940
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]0_2_0040C917
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp ecx0_2_0043C1F0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_00425990
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ecx, di0_2_00425990
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B195
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movsx eax, byte ptr [esi]0_2_0043B9A1
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh0_2_004369A0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_0041E9B0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_004299B0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]0_2_0042526A
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ebx, edi0_2_0041D270
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov esi, eax0_2_00423A34
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h0_2_0043D2F0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, word ptr [eax]0_2_0043D2F0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp ecx0_2_0043C280
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]0_2_00415298
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00415298
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0043AAB2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h0_2_004252BA
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_004252BA
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov eax, ebx0_2_0041CB05
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h0_2_0043CB20
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edx, eax0_2_00427326
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_004143C2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edi, dword ptr [esp+34h]0_2_004143C2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0042A3D0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042C45C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ebp, dword ptr [eax]0_2_00436C00
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0042B4FC
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042B4FC
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]0_2_00418578
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edx, eax0_2_0042750D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_00421D10
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]0_2_0040DD25
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, edx0_2_0040BDC9
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]0_2_00417582
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]0_2_00427DA2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h0_2_004205B0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C64A
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042AE48
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_00426E50
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0042B4F7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042B4F7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042AE24
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00433630
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C6E4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_00425E90
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h0_2_0043CE90
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [eax], cx0_2_004166A0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0041BEA0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_0042ADF4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov eax, edx0_2_0041C6BB
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_0043BF40
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]0_2_00415F66
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h0_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]0_2_0043A777
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]0_2_00409700
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]0_2_00409700
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]0_2_00409700
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C726
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C735
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0040CFF3
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]0_2_0040CFF3
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [ebp+00h], al0_2_0041DF80
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0040D7A2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0040D7A2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EB08B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EB0AF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h0_2_009FD0F7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_009E60F7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_009E70E4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, edx0_2_009CC030
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [ebp+00h], al0_2_009DE1E7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EB05B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_009FB2CF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_009FB2CF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_009FB2C4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_009FB2C4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [edi], al0_2_009CD25A
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]0_2_009CD25A
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_009FC268
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp al, 2Eh0_2_009E63B6
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_009FB3FC
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_009FB2C2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_009FB2C2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ebx, edi0_2_009DD4D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]0_2_009E54D1
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h0_2_009E559D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_009E55B3
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_009E552B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov word ptr [eax], cx0_2_009DC528
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h0_2_009FD557
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, word ptr [eax]0_2_009FD557
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]0_2_009D554C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]0_2_009D6544
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EC6C3
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_009EA637
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp ecx0_2_009FC79B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov edx, eax0_2_009E7797
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]0_2_009D87DF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]0_2_009D77E9
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then jmp eax0_2_009E6739
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_009EB763
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EB763
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_009F3897
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_009EC8B1
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h0_2_009E0817
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009D4806
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_009EB75E
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov ecx, eax0_2_009EB75E
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_009EC99C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_009EC98D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 0_2_009FA9DE
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 0_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 0_2_009E89C0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_009D6907
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov eax, edx | 0_2_009DC921
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_009EC94B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 0_2_009C9967
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 0_2_009C9967
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 0_2_009C9967
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 0_2_009CEAA2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 0_2_009CDA09
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov ecx, eax | 0_2_009CABA7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov edx, ecx | 0_2_009CABA7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 0_2_009E5BF7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx ecx, di | 0_2_009E5BF7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 0_2_009CCB7E
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov esi, eax | 0_2_009E3C9B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_009E9C17
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 0_2_009DEC17
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 0_2_009FBC08
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 0_2_009F6C3B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 0_2_009FCD87
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov ecx, eax | 0_2_009FAD19
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 0_2_009F6E67
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 0_2_009CDF8C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 0_2_009FCFC7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov word ptr [ebx], dx | 0_2_009D8F35
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov word ptr [ebx], cx | 0_2_009D8F35
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_009D5F79
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 4x nop then mov ecx, eax | 0_2_009E1F77

                  Networking

                  Source: Network traffic | Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.8:54343 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.8:64922 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.8:49706 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.8:63264 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 104.131.68.180:443 -> 192.168.2.8:49706
                  Source: Network traffic | Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.8:62890 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.8:62042 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:53326 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:58929 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.8:54509 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.8:49707 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 104.131.68.180:443 -> 192.168.2.8:49707
                  Source: Network traffic | Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.8:59942 -> 1.1.1.1:53
                  Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49708 -> 23.55.153.106:443
                  Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49706 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49706 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49707 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49707 -> 104.131.68.180:443
                  Source: Malware configuration extractor | URLs: immureprech.biz
                  Source: Malware configuration extractor | URLs: awake-weaves.cyou
                  Source: Malware configuration extractor | URLs: debonairnukk.xyz
                  Source: Malware configuration extractor | URLs: sordid-snaked.cyou
                  Source: Malware configuration extractor | URLs: diffuculttan.xyz
                  Source: Malware configuration extractor | URLs: effecterectz.xyz
                  Source: Malware configuration extractor | URLs: deafeninggeh.biz
                  Source: Malware configuration extractor | URLs: wrathful-jammy.cyou
                  Source: DNS query: effecterectz.xyz
                  Source: DNS query: diffuculttan.xyz
                  Source: DNS query: debonairnukk.xyz
                  Source: Joe Sandbox View | IP Address: 23.55.153.106
                  Source: Joe Sandbox View | IP Address: 104.131.68.180
                  Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 104.131.68.180:443
                  Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 23.55.153.106:443
                  Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 104.131.68.180:443
                  Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: immureprech.biz
                  Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: deafeninggeh.biz
                  Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
                      Connection: Keep-Alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Host: steamcommunity.com
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=72a0349397cc711877af4dd7; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 17 Dec 2024 15:42:15 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: global traffic | DNS traffic detected: DNS query: sordid-snaked.cyou
                  Source: global traffic | DNS traffic detected: DNS query: immureprech.biz
                  Source: global traffic | DNS traffic detected: DNS query: deafeninggeh.biz
                  Source: global traffic | DNS traffic detected: DNS query: effecterectz.xyz
                  Source: global traffic | DNS traffic detected: DNS query: diffuculttan.xyz
                  Source: global traffic | DNS traffic detected: DNS query: debonairnukk.xyz
                  Source: global traffic | DNS traffic detected: DNS query: wrathful-jammy.cyou
                  Source: global traffic | DNS traffic detected: DNS query: awake-weaves.cyou
                  Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                  Source: unknown | HTTP traffic detected: POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: immureprech.biz
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                  Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://awake-weaves.cyou/api
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/apiO
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://debonairnukk.xyz/api
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000A75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/apiR
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000A86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/pi
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sordid-snaked.cyou/api
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sordid-snaked.cyou/apiYa
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                  Source: unknownHTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.8:49706 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.8:49707 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49708 version: TLS 1.2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_004310D0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_004310D0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_00431839

System Summary

Source: 00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0040B44C | 0_2_0040B44C
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00408790 | 0_2_00408790
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00426054 | 0_2_00426054
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043B068 | 0_2_0043B068
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00414070 | 0_2_00414070
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043C020 | 0_2_0043C020
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00439830 | 0_2_00439830
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043D830 | 0_2_0043D830
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041B0E1 | 0_2_0041B0E1
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041F0E0 | 0_2_0041F0E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004210E0 | 0_2_004210E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00435890 | 0_2_00435890
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00434098 | 0_2_00434098
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043D0A0 | 0_2_0043D0A0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004180A9 | 0_2_004180A9
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0040A940 | 0_2_0040A940
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041714B | 0_2_0041714B
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0040C917 | 0_2_0040C917
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042B12C | 0_2_0042B12C
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042F130 | 0_2_0042F130
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042B1C0 | 0_2_0042B1C0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041D9E0 | 0_2_0041D9E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004361E0 | 0_2_004361E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004111E5 | 0_2_004111E5
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004059F0 | 0_2_004059F0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004239F2 | 0_2_004239F2
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043C1F0 | 0_2_0043C1F0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0040F9FD | 0_2_0040F9FD
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00425990 | 0_2_00425990
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043B9A1 | 0_2_0043B9A1
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00406250 | 0_2_00406250
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041D270 | 0_2_0041D270
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00424A74 | 0_2_00424A74
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00409230 | 0_2_00409230
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00423A34 | 0_2_00423A34
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004192DA | 0_2_004192DA
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043D2F0 | 0_2_0043D2F0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043C280 | 0_2_0043C280
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00415298 | 0_2_00415298
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004082AE | 0_2_004082AE
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004252BA | 0_2_004252BA
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041CB05 | 0_2_0041CB05
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00428BC0 | 0_2_00428BC0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004143C2 | 0_2_004143C2
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00402BD0 | 0_2_00402BD0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00428BE9 | 0_2_00428BE9
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00437399 | 0_2_00437399
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004393A0 | 0_2_004393A0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00416BA5 | 0_2_00416BA5
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004293AA | 0_2_004293AA
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004223B8 | 0_2_004223B8
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00436C00 | 0_2_00436C00
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00423410 | 0_2_00423410
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042B4FC | 0_2_0042B4FC
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00404CB0 | 0_2_00404CB0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004074B0 | 0_2_004074B0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041DD50 | 0_2_0041DD50
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00418578 | 0_2_00418578
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042D57E | 0_2_0042D57E
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00424502 | 0_2_00424502
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00421D10 | 0_2_00421D10
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0040DD25 | 0_2_0040DD25
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041D5E0 | 0_2_0041D5E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00417582 | 0_2_00417582
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043D580 | 0_2_0043D580
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00427DA2 | 0_2_00427DA2
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004205B0 | 0_2_004205B0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042C64A | 0_2_0042C64A
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00426E50 | 0_2_00426E50
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042B4F7 | 0_2_0042B4F7
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043462A | 0_2_0043462A
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00435630 | 0_2_00435630
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004066E0 | 0_2_004066E0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0042C6E4 | 0_2_0042C6E4
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00430EF0 | 0_2_00430EF0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004256F9 | 0_2_004256F9
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00422E93 | 0_2_00422E93
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00425E90 | 0_2_00425E90
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004156A0 | 0_2_004156A0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041BEA0 | 0_2_0041BEA0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00438EA0 | 0_2_00438EA0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00435EA0 | 0_2_00435EA0
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00405EB0 | 0_2_00405EB0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_0041C6BB0_2_0041C6BB
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_00415F660_2_00415F66
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_004197700_2_00419770
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_004097000_2_00409700
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_0042C7260_2_0042C726
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_0042C7350_2_0042C735
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_0041DF800_2_0041DF80
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_00402FA00_2_00402FA0
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009CC0E80_2_009CC0E8
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E80090_2_009E8009
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DC1AC0_2_009DC1AC
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DE1E70_2_009DE1E7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C61170_2_009C6117
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E81080_2_009E8108
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F91070_2_009F9107
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F61070_2_009F6107
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F11570_2_009F1157
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FB2CF0_2_009FB2CF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F42FF0_2_009F42FF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C32070_2_009C3207
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EF3970_2_009EF397
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EB3930_2_009EB393
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D73B20_2_009D73B2
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C83C70_2_009C83C7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FD3070_2_009FD307
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DB3480_2_009DB348
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D734A0_2_009D734A
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E13470_2_009E1347
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DF3470_2_009DF347
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C94970_2_009C9497
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C64B70_2_009C64B7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DD4D70_2_009DD4D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EB4270_2_009EB427
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D144C0_2_009D144C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F64470_2_009F6447
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C45D70_2_009C45D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DC5280_2_009DC528
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FD5570_2_009FD557
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D95410_2_009D9541
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E96110_2_009E9611
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F96070_2_009F9607
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D87DF0_2_009D87DF
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FD7E70_2_009FD7E7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009ED7E50_2_009ED7E5
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C77170_2_009C7717
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EB7630_2_009EB763
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F58970_2_009F5897
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F48910_2_009F4891
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EC8B10_2_009EC8B1
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E08170_2_009E0817
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DD8470_2_009DD847
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EB75E0_2_009EB75E
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EC99C0_2_009EC99C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EC98D0_2_009EC98D
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D99D70_2_009D99D7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C89F70_2_009C89F7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DC9210_2_009DC921
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009EC94B0_2_009EC94B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C69470_2_009C6947
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C99670_2_009C9967
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F9A970_2_009F9A97
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FDA970_2_009FDA97
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F5AF70_2_009F5AF7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D7BA70_2_009D7BA7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009CABA70_2_009CABA7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E5BF70_2_009E5BF7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009CCB7E0_2_009CCB7E
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E3C9B0_2_009E3C9B
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E4CF40_2_009E4CF4
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009FBC080_2_009FBC08
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C3C270_2_009C3C27
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C5C570_2_009C5C57
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DDC470_2_009DDC47
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009CFC640_2_009CFC64
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C2E370_2_009C2E37
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009F6E670_2_009F6E67
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009CDF8C0_2_009CDF8C
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009DDFB70_2_009DDFB7
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009C4F170_2_009C4F17
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009D8F350_2_009D8F35
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: 0_2_009E1F770_2_009E1F77
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: String function: 009D42C7 appears 74 times
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: String function: 009C81D7 appears 78 times
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: String function: 00414060 appears 74 times
                  Source: C:\Users\user\Desktop\sNWQ2gC6if.exeCode function: String function: 00407F70 appears 46 times
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 840
Source: sNWQ2gC6if.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: sNWQ2gC6if.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Note: both community rule hits above are against memory regions of process 0 (the .sdmp sources), not against the file on disk, and the two family labels (RedLine, Smokeloader) disagree with each other. Treat them as weak attribution signals until the matching bytes in those regions have been reviewed.
Source: sNWQ2gC6if.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.evad.winEXE@2/5@10/2
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00A39FB6 CreateToolhelp32Snapshot, Module32First
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_004361E0 CoCreateInstance, SysAllocString, CoSetProxyBlanket, SysAllocString, SysAllocString, VariantInit, VariantClear, SysFreeString, SysFreeString, SysFreeString, SysFreeString
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1548
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\c6cd06f5-6107-4f84-9a1d-1c4c68671a8d
Source: sNWQ2gC6if.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: sNWQ2gC6if.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | File read: C:\Users\user\Desktop\sNWQ2gC6if.exe
Source: unknown | Process created: C:\Users\user\Desktop\sNWQ2gC6if.exe "C:\Users\user\Desktop\sNWQ2gC6if.exe"
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 840
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

Data Obfuscation

Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Unpacked PE file: 0.2.sNWQ2gC6if.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Unpacked PE file: 0.2.sNWQ2gC6if.exe.400000.0.unpack
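The first "Unpacked PE file" entry above is the evidence behind the "changes PE section rights" unpacking signature: two section tables written as name:rights; and joined by "vs". What follows is an added example, not code from the report or from Joe Sandbox, that parses that notation, lists the sections present on only one side or whose rights changed, and additionally flags any section mapped both writable and executable. The entry does not say which side is the file on disk and which the memory image, so the code treats the two symmetrically as left and right; E, R and W are taken to mean execute, read and write, which is an assumption about the notation.

```python
"""Diff two PE section-rights lists written in the Joe Sandbox
"Unpacked PE file" notation, e.g.

    .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;

Added example, not part of the report.  E=execute, R=read, W=write is an
assumption about the notation; the parser rejects any other flag letter.
"""

RIGHT_FLAGS = frozenset("ERW")

# The comparison string exactly as it appears in the report entry above.
REPORT_LINE = (".text:ER;.rdata:R;.data:W;.rsrc:R; vs "
               ".text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;")


def parse_section_rights(spec):
    """'.text:ER;.rdata:R;' -> {'.text': {'E', 'R'}, '.rdata': {'R'}}.

    Raises ValueError for an entry without a name or with an unknown flag,
    so a malformed report line fails loudly instead of silently matching.
    """
    sections = {}
    for entry in spec.strip().split(";"):
        entry = entry.strip()
        if not entry:
            continue  # the trailing ';' leaves an empty entry
        name, sep, rights = entry.rpartition(":")
        if not sep or not name:
            raise ValueError(f"malformed section entry: {entry!r}")
        unknown = set(rights) - RIGHT_FLAGS
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)} in {entry!r}")
        sections[name] = set(rights)
    return sections


def split_report_line(line):
    """Split '<left> vs <right>' into its two section-rights specs."""
    left, sep, right = line.partition(" vs ")
    if not sep:
        raise ValueError("expected '<left> vs <right>'")
    return left.strip(), right.strip()


def _fmt(rights):
    return "".join(sorted(rights))


def diff_section_rights(left_spec, right_spec):
    """Return (section, kind, detail) tuples describing how the two tables
    differ; kind is 'only_left', 'only_right' or 'rights_changed'.
    An empty list means the two section tables are identical."""
    left = parse_section_rights(left_spec)
    right = parse_section_rights(right_spec)
    findings = []
    for name in sorted(left.keys() - right.keys()):
        findings.append((name, "only_left", _fmt(left[name])))
    for name in sorted(right.keys() - left.keys()):
        findings.append((name, "only_right", _fmt(right[name])))
    for name in sorted(left.keys() & right.keys()):
        if left[name] != right[name]:
            findings.append((name, "rights_changed",
                             f"{_fmt(left[name])}->{_fmt(right[name])}"))
    return findings


def rwx_sections(spec):
    """Sections that are both writable and executable, i.e. code that can be
    patched in place; not present in this sample's tables, but the layout
    an in-place self-modifying unpacker needs."""
    return sorted(name for name, rights in parse_section_rights(spec).items()
                  if {"E", "W"} <= rights)


def is_unpacking_indicator(left_spec, right_spec):
    """True when the section table or any section's rights differ, which is
    what the 'changes PE section rights' signature keys on."""
    return bool(diff_section_rights(left_spec, right_spec))


if __name__ == "__main__":
    left, right = split_report_line(REPORT_LINE)
    for section, kind, detail in diff_section_rights(left, right):
        print(f"{section:8} {kind:15} {detail}")
    print("unpacking indicator:", is_unpacking_indicator(left, right))
```

Run stand-alone it prints the three differences for this sample (.rsrc only on the left, .CRT and .reloc only on the right) and reports the comparison as an unpacking indicator; the RWX check only fires on tables containing an ERW section, which this sample's do not.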
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0041ACF6 push esp; iretd  0_2_0041ACFF
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043F6EE push esp; iretd  0_2_0043F6EF
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043BF00 push eax; mov dword ptr [esp], 49484716h  0_2_0043BF01
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_009FC167 push eax; mov dword ptr [esp], 49484716h  0_2_009FC168
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_009FF555 push esp; iretd  0_2_009FF556
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_009DAF5D push esp; iretd  0_2_009DAF66
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00A3CA05 pushad; ret  0_2_00A3CA0A
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00A3CC8B push ebp; ret  0_2_00A3CC90
Source: sNWQ2gC6if.exe | Static PE information: section name: .text entropy: 7.376376674331909
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe TID: 3872 | Thread sleep time: -90000s >= -30000s
Source: Amcache.hve.4.dr | Binary or memory string: VMware
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWoc
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000A75000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`r
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Note: the Amcache.hve.4.dr entries above are strings from a dropped copy of the analysis machine's Amcache registry hive, i.e. the VM's own device and driver inventory (VMware SATA CD-ROM, VMCI bus, Hyper-V drivers, BIOS strings), not strings carried by the sample; the "hbin" fragments are hive-bin signatures adjacent to those strings in the raw hive. Only the entries sourced from the sNWQ2gC6if.exe memory dumps come from the sample's process memory.
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_0043A9B0 LdrInitializeThunk
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_009C092B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_009C0D90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Code function: 0_2_00A39893 push dword ptr fs:[00000030h]

HIPS / PFW / Operating System Protection Evasion

Source: sNWQ2gC6if.exe | String found in binary or memory: debonairnukk.xyz
Source: sNWQ2gC6if.exe | String found in binary or memory: diffuculttan.xyz
Source: sNWQ2gC6if.exe | String found in binary or memory: effecterectz.xyz
Source: sNWQ2gC6if.exe | String found in binary or memory: deafeninggeh.biz
Source: sNWQ2gC6if.exe | String found in binary or memory: immureprech.biz
Source: C:\Users\user\Desktop\sNWQ2gC6if.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe
Note: the msmpeng.exe paths come from the dropped Amcache hive (the Defender platform versions installed on the analysis VM), not from the sample, so they do not by themselves show that the sample looks for or targets the AV process.
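The five domains listed under this heading were found as strings in the sample's binary or memory. As an added example, not part of the report or of any vendor tooling, the script below matches DNS query records against them, label-aligned so that subdomains hit while lookalikes such as notdeafeninggeh.biz do not (a plain substring check would get both cases wrong). The key=value log format, the host names, the timestamps and every line in SAMPLE_DNS_LOG are constructed for the example; only the five domains, the sample's path and the crashed process id 1548 are taken from the report.

```python
"""Match DNS query records against the C2 domains found in this sample.

Added example, not from the report.  The log format is a constructed
key=value line per query; map the field names (ts, host, pid, image, query)
onto whatever DNS telemetry you actually collect.
"""
import re
from collections import Counter

# The five domains listed in the report's "String found in binary or memory" entries.
LUMMA_C2_DOMAINS = frozenset({
    "debonairnukk.xyz",
    "diffuculttan.xyz",
    "effecterectz.xyz",
    "deafeninggeh.biz",
    "immureprech.biz",
})

# Constructed sample log: three queries from the sample's process, one from a
# browser, and one lookalike domain that must NOT match.  Host names, pids
# other than 1548, timestamps and the browser path are made up.
SAMPLE_DNS_LOG = r"""
ts=2024-01-01T10:01:02Z host=WS01 pid=1548 image=C:\Users\user\Desktop\sNWQ2gC6if.exe query=debonairnukk.xyz rcode=NXDOMAIN
ts=2024-01-01T10:01:02Z host=WS01 pid=1548 image=C:\Users\user\Desktop\sNWQ2gC6if.exe query=diffuculttan.xyz rcode=NOERROR
ts=2024-01-01T10:01:03Z host=WS01 pid=4120 image="C:\Program Files\Mozilla Firefox\firefox.exe" query=www.mozilla.org rcode=NOERROR
ts=2024-01-01T10:01:05Z host=WS02 pid=7712 image=C:\Windows\System32\svchost.exe query=notdeafeninggeh.biz rcode=NXDOMAIN
ts=2024-01-01T10:01:09Z host=WS01 pid=1548 image=C:\Users\user\Desktop\sNWQ2gC6if.exe query=cdn.immureprech.biz. rcode=NOERROR
"""

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
_KV_RE = re.compile(r'(?P<key>\w+)=(?P<value>"[^"]*"|\S+)')


def normalize_fqdn(name):
    """Lower-case and drop the trailing root dot so 'A.B.' equals 'a.b'."""
    return name.strip().rstrip(".").lower()


def matches_ioc(qname, iocs=LUMMA_C2_DOMAINS):
    """Return the IOC that qname equals or is a subdomain of, else None.

    Candidates are built from whole labels, so 'cdn.immureprech.biz' hits
    'immureprech.biz' while 'notdeafeninggeh.biz' hits nothing.
    """
    labels = normalize_fqdn(qname).split(".")
    for i in range(len(labels) - 1):  # a candidate keeps at least two labels
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def parse_kv_line(line):
    """'k=v k2="v 2"' -> {'k': 'v', 'k2': 'v 2'}."""
    return {m.group("key"): m.group("value").strip('"')
            for m in _KV_RE.finditer(line)}


def find_c2_queries(log_text, iocs=LUMMA_C2_DOMAINS):
    """Return one dict per log line whose query field hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_kv_line(line)
        qname = rec.get("query")
        if not qname:
            continue
        ioc = matches_ioc(qname, iocs)
        if ioc:
            hits.append({"ts": rec.get("ts"), "host": rec.get("host"),
                         "pid": rec.get("pid"), "image": rec.get("image"),
                         "query": normalize_fqdn(qname), "ioc": ioc})
    return hits


def hits_per_ioc(hits):
    """Counter of IOC -> number of matching queries, for a quick triage view."""
    return Counter(h["ioc"] for h in hits)


if __name__ == "__main__":
    found = find_c2_queries(SAMPLE_DNS_LOG)
    for h in found:
        print(f'{h["ts"]} {h["host"]} pid={h["pid"]} {h["image"]} '
              f'-> {h["query"]} (IOC {h["ioc"]})')
    print(dict(hits_per_ioc(found)))
```

On the constructed log the script reports the three queries issued by pid 1548 and nothing for the browser or the lookalike; pivoting from the hits to the image path gives the process to collect.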

                  Stealing of Sensitive Information

                  barindex
Source: Yara match, file source: 0.2.sNWQ2gC6if.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.sNWQ2gC6if.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.3.sNWQ2gC6if.exe.24c0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.3.sNWQ2gC6if.exe.24c0000.0.unpack, type: UNPACKEDPE
Source: Yara match, file source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000003.1427054834.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: sslproxydump.pcap, type: PCAP
Source: Yara match, file source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

Source: Yara match, file source: 0.2.sNWQ2gC6if.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.sNWQ2gC6if.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.3.sNWQ2gC6if.exe.24c0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.3.sNWQ2gC6if.exe.24c0000.0.unpack, type: UNPACKEDPE
Source: Yara match, file source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000003.1427054834.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: sslproxydump.pcap, type: PCAP
Source: Yara match, file source: decrypted.memstr, type: MEMORYSTR

MITRE ATT&CK Matrix

Techniques with matching signatures (the number in parentheses is the count of signatures mapped to the technique):

Execution: PowerShell (1)
Persistence: DLL Side-Loading (1)
Privilege Escalation: Process Injection (1); DLL Side-Loading (1)
Defense Evasion: Virtualization/Sandbox Evasion (1); Process Injection (1); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1)
Discovery: Security Software Discovery (11); Virtualization/Sandbox Evasion (1); Process Discovery (1); System Information Discovery (2)
Collection: Screen Capture (1); Archive Collected Data (1); Clipboard Data (2)
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114)

No signatures were mapped to Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact. The other technique names that appear in the rendered grid (Valid Accounts, OS Credential Dumping, LSASS Memory, Remote Services, Remote Desktop Protocol, Keylogging, Data Encrypted for Impact and so on) are the matrix's fixed placeholder cells, not findings against this sample.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
sNWQ2gC6if.exe | 55% | ReversingLabs | Win32.Spyware.Stealc |
sNWQ2gC6if.exe | 100% | Joe Sandbox ML | |

Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches
Domains: No Antivirus matches

URLs
Source | Detection | Scanner | Label | Link
https://sordid-snaked.cyou/apiYa | 100% | Avira URL Cloud | malware |
https://immureprech.biz/apiR | 100% | Avira URL Cloud | malware |
https://deafeninggeh.biz/apiO | 100% | Avira URL Cloud | malware |

The characters trailing "/api" in these three URLs (Ya, R, O) are residue of string extraction from process memory; the endpoints the sample actually contacted appear in the Contacted URLs table below as https://immureprech.biz/api and https://deafeninggeh.biz/api.

Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.55.153.106 | true | false | | high
immureprech.biz | 104.131.68.180 | true | false | | high
deafeninggeh.biz | 104.131.68.180 | true | false | | high
sordid-snaked.cyou | unknown | unknown | false | | high
diffuculttan.xyz | unknown | unknown | false | | high
effecterectz.xyz | unknown | unknown | false | | high
awake-weaves.cyou | unknown | unknown | false | | high
wrathful-jammy.cyou | unknown | unknown | false | | high
debonairnukk.xyz | unknown | unknown | false | | high

The "Malicious" and "Reputation" columns are the sandbox's automated lookup results and should not be read as a clean bill: the URL scan above flags the /api endpoints on immureprech.biz and deafeninggeh.biz as malware, and both names resolve to the same host, 104.131.68.180. The six names that did not resolve during the analysis are still worth blocking; all of them occur as strings in the binary or in process memory (see the strings listed above and the URL table below).

Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
sordid-snaked.cyou | false | | high
deafeninggeh.biz | false | | high
effecterectz.xyz | false | | high
wrathful-jammy.cyou | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
awake-weaves.cyou | false | | high
immureprech.biz | false | | high
https://immureprech.biz/api | false | | high
debonairnukk.xyz | false | | high
diffuculttan.xyz | false | | high
https://deafeninggeh.biz/api | false | | high
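The Contacted Domains and Contacted URLs tables above are the indicators most teams will act on first. What follows is an added example, not Joe Sandbox output: a Python triage routine that reads Suricata eve.json-style DNS and TLS records, flags hosts that looked up or connected to any of the listed domains, and pivots on the one IP the two resolved C2 domains share so that a freshly rotated name hosted on the same address is caught as well. It assumes the v1 layout of Suricata's dns object (rrname, type, rdata) and the tls.sni field; the records it processes are constructed for the demo, with TEST-NET and RFC 1918 addresses, and are not traffic from this analysis.

```python
"""Added example: triage DNS/TLS telemetry against this report's network IOCs.

Not Joe Sandbox output. Assumes Suricata eve.json records in the v1 'dns'
layout (rrname/type/rdata) plus 'tls.sni'. The sample records below are
constructed, not captured.
"""
import json

# From the Contacted Domains / Contacted URLs tables. steamcommunity.com is
# deliberately left out: the sample fetched a profile page there, but blocking
# a legitimate site would only generate noise.
C2_DOMAINS = {
    "immureprech.biz", "deafeninggeh.biz", "sordid-snaked.cyou",
    "diffuculttan.xyz", "effecterectz.xyz", "awake-weaves.cyou",
    "wrathful-jammy.cyou", "debonairnukk.xyz",
}
C2_IPS = {"104.131.68.180"}  # both resolved .biz domains pointed here


def normalize(name: str) -> str:
    """Strip the trailing dot DNS loggers emit and lower-case the name."""
    return name.rstrip(".").lower()


def is_c2_domain(name: str) -> bool:
    """Exact or subdomain match against the IOC set."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def triage(eve_lines: str) -> list[dict]:
    """Return one alert per suspicious record: host, indicator, reason."""
    alerts: list[dict] = []
    for line in eve_lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host = rec.get("src_ip", "?")
        if rec.get("event_type") == "dns":
            dns = rec.get("dns", {})
            name = normalize(dns.get("rrname", ""))
            if is_c2_domain(name):
                alerts.append({"host": host, "indicator": name, "reason": "c2-domain"})
            elif dns.get("type") == "answer" and dns.get("rdata") in C2_IPS:
                # Unknown name resolving to known C2 infrastructure: likely a rotated domain.
                alerts.append({"host": host, "indicator": name, "reason": "c2-ip-pivot"})
        elif rec.get("event_type") == "tls":
            sni = normalize(rec.get("tls", {}).get("sni", ""))
            if is_c2_domain(sni):
                alerts.append({"host": host, "indicator": sni, "reason": "tls-sni"})
    return alerts


def infected_hosts(alerts: list[dict]) -> set[str]:
    """Distinct source hosts that produced at least one alert."""
    return {a["host"] for a in alerts}


# Constructed eve.json lines (not captured traffic).
SAMPLE_EVE = "\n".join(json.dumps(r) for r in [
    {"event_type": "dns", "src_ip": "10.0.0.5",
     "dns": {"type": "answer", "rrname": "immureprech.biz", "rrtype": "A", "rdata": "104.131.68.180"}},
    {"event_type": "dns", "src_ip": "10.0.0.5",
     "dns": {"type": "answer", "rrname": "updates.example.com", "rrtype": "A", "rdata": "192.0.2.10"}},
    {"event_type": "dns", "src_ip": "10.0.0.7",
     "dns": {"type": "answer", "rrname": "rotated-name.example", "rrtype": "A", "rdata": "104.131.68.180"}},
    {"event_type": "dns", "src_ip": "10.0.0.7",
     "dns": {"type": "query", "rrname": "wrathful-jammy.cyou.", "rrtype": "A"}},
    {"event_type": "tls", "src_ip": "10.0.0.5",
     "tls": {"sni": "deafeninggeh.biz", "version": "TLS 1.2"}},
])

if __name__ == "__main__":
    for a in triage(SAMPLE_EVE):
        print(f"{a['host']:<10} {a['reason']:<12} {a['indicator']}")
    print("hosts to isolate:", sorted(infected_hosts(triage(SAMPLE_EVE))))
```

The IP pivot is the part worth keeping after the domain list goes stale: the report shows two different names on one address, which is the usual pattern when a stealer rotates through a fallback list, so a new name resolving to 104.131.68.180 deserves the same response as a hit on the list itself.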

URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
https://deafeninggeh.biz/apiO | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/?subsection=broadcasts | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://immureprech.biz/pi | sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000A86000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/subscriber_agreement/ | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://deafeninggeh.biz/ | sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.valvesoftware.com/legal.htm | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/ | sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steam.tv/ | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/privacy_agreement/ | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://wrathful-jammy.cyou/ | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://immureprech.biz/apiR | sNWQ2gC6if.exe, 00000000.00000003.1466573226.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://store.steampowered.com/points/shop/ | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sketchfab.com | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lv.queniujq.cn | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199724331900/inventory/ | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com/ | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/privacy_agreement/ | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com/recaptcha/ | sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://checkout.steampowered.com/ | sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/; | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/about/ | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/my/wishlist/ | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                  high
                                                                                                                                                  https://help.steampowered.com/en/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://steamcommunity.com/market/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://store.steampowered.com/news/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://store.steampowered.com/subscriber_agreement/sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://recaptcha.net/recaptcha/;sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.com/discussions/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://debonairnukk.xyz/apisNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://store.steampowered.com/stats/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://medal.tvsNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://broadcast.st.dl.eccdnx.comsNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngsNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&asNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/steam_refunds/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&asNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=esNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/workshop/sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://login.steampowered.com/sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbsNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_csNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://store.steampowered.com/legal/sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://sordid-snaked.cyou/apiYasNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=ensNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&asNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://recaptcha.netsNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://upx.sf.netAmcache.hve.4.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://store.steampowered.com/sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngsNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://127.0.0.1:27060sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000002.1607439076.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517485924.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampsNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://help.steampowered.com/sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
Source URL | Memory source dump(s) | Malicious | Reputation
https://api.steampowered.com/ | sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | false | high
http://store.steampowered.com/account/cookiepreferences/ | sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B04000.00000004.00000020.00020000.00000000.sdmp; sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp; sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp; sNWQ2gC6if.exe, 00000000.00000003.1507198084.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp | false | high
https://sordid-snaked.cyou/api | sNWQ2gC6if.exe, 00000000.00000002.1606944180.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp | false | high
https://store.steampowered.com/mobile | sNWQ2gC6if.exe, 00000000.00000003.1517443177.0000000000B12000.00000004.00000020.00020000.00000000.sdmp; sNWQ2gC6if.exe, 00000000.00000003.1506956394.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | false | high

Legend (share of contacted IPs per country):
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1 (EU) | false
104.131.68.180 | immureprech.biz | United States | 14061 | DIGITALOCEAN-ASN (US) | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576847
Start date and time: 2024-12-17 16:41:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: sNWQ2gC6if.exe (renamed because the original name is a hash value)
Original Sample Name: cc2566eae03240ffc314e5bee2dc4d26.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 15
• Number of non-executed functions: 234
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.190.181.23, 52.149.20.212
• Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtQueryValueKey calls found
• VT rate limit hit for: sNWQ2gC6if.exe
Time | Type | Description
10:42:07 | API Interceptor | 7x Sleep call for process: sNWQ2gC6if.exe modified
10:42:24 | API Interceptor | 1x Sleep call for process: WerFault.exe modified

Related samples by contacted IP
Match | Associated Sample Name / URL | Detection | Threat Name | Context
23.55.153.106 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig |
23.55.153.106 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc |
23.55.153.106 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
23.55.153.106 | wN8pQhRNnu.exe | malicious | LummaC |
23.55.153.106 | AZCFTWko2q.exe | malicious | LummaC |
23.55.153.106 | I37faEaz1K.exe | malicious | LummaC |
23.55.153.106 | YbJEkgZ4z5.exe | malicious | LummaC |
23.55.153.106 | 3cb2b5U8BR.exe | malicious | LummaC |
23.55.153.106 | afXf6ZiYTT.exe | malicious | LummaC |
23.55.153.106 | ZideZBMwUQ.exe | malicious | LummaC |
104.131.68.180 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/

Related samples by contacted domain
Match | Associated Sample Name / URL | Detection | Threat Name | Context
deafeninggeh.biz | hpEAJnNwCB.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | DG55Gu1yGM.exe | malicious | LummaC | 45.77.249.79
deafeninggeh.biz | he55PbvM2G.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.131.68.180
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 178.62.201.34
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 45.77.249.79
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 45.77.249.79
immureprech.biz | hpEAJnNwCB.exe | malicious | LummaC | 45.77.249.79
immureprech.biz | DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180
immureprech.biz | he55PbvM2G.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | SkaKk8Z1J0.exe | malicious | LummaC | 45.77.249.79
immureprech.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
immureprech.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
immureprech.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 45.77.249.79
immureprech.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 104.131.68.180
steamcommunity.com | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Xmrig | 104.102.49.254
steamcommunity.com | hpEAJnNwCB.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | DG55Gu1yGM.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | he55PbvM2G.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | SkaKk8Z1J0.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | N1sb7Ii2YD.exe | malicious | LummaC
                                                                                                                                                                                                                                                          • 104.121.10.34
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                          • 104.121.10.34
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                          • 104.121.10.34
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                          • 23.37.186.133
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1
  EU3.elf | malicious | Unknown | 184.51.34.61
  873406390.bat | malicious | RHADAMANTHYS | 23.44.201.32
  1iC0WTxgUf.exe | malicious | Unknown | 172.232.31.180
  https://qrs.ly/gggdyxx | malicious | Unknown | 2.16.158.106
  KjECqzXLWp.lnk | malicious | RHADAMANTHYS | 23.33.40.135
  dZKPE9gotO.exe | malicious | Vidar | 23.33.40.153
  REQUEST FOR QUOTATION 1307-RFQ.exe | malicious | MassLogger RAT | 172.234.222.138
  https://login.corp-internal.org/17058d3d8656ed69?l=27 | malicious | Unknown | 2.16.158.75
  T0x859fNfn.exe | malicious | Vidar | 23.209.72.33
  https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91 | malicious | HTMLPhisher | 104.126.36.32
DIGITALOCEAN-ASNUS
  hpEAJnNwCB.exe | malicious | LummaC | 104.131.68.180
  payload_1.hta | malicious | RedLine | 174.138.125.138
  1.elf | malicious | Unknown | 157.245.2.219
  DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180
  he55PbvM2G.exe | malicious | LummaC | 178.62.201.34
  fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT | 174.138.125.138
  SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180
  N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
  file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 178.62.201.34
  Client-built.exe | malicious | Quasar | 138.68.79.95
Match | Associated Sample Name / URL | Detection | Threat Name | Context
  a0e9f5d64349fb13191bc781f81f42e1out.bin.exe | malicious | LummaC | 23.55.153.106, 104.131.68.180
  file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Xmrig | 23.55.153.106, 104.131.68.180
  file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Xmrig | 23.55.153.106, 104.131.68.180
  file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Xmrig | 23.55.153.106, 104.131.68.180
  jYd7FUgGZc.exe | malicious | LummaC, Stealc | 23.55.153.106, 104.131.68.180
  sfWmEoGJQR.exe | malicious | LummaC | 23.55.153.106, 104.131.68.180
  V65xPrgEHH.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 23.55.153.106, 104.131.68.180
  pN6iTXbhhc.exe | malicious | LummaC | 23.55.153.106, 104.131.68.180
  81eivTbdp6.exe | malicious | LummaC | 23.55.153.106, 104.131.68.180
  hpEAJnNwCB.exe | malicious | LummaC | 23.55.153.106, 104.131.68.180
No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9565850878224834
Encrypted: false
SSDEEP: 192:5OvX037WWb0sAdwju3RzuiFjZ24IO8OG:MM3ksAdwjgzuiFjY4IO8OG
MD5: 8B328D854C7A1224ACBAA16C80131B0C
SHA1: F5DB2A440157CEBF8247F2847F0D9579A4942669
SHA-256: 2A7D3DD1192DF3BAC6496CFD5A19560F80EB8D3C35CF6544DC9796999D3545D0
SHA-512: 985A7DE8734DAD44B743C289C157CDC405D6EDD74F22292F4C8B0F17019E012D0EA3E8911510B53D3BEA0D5D5232467741290C13FD6E632A499A75CDF260592C
Malicious: true
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.9.2.3.7.3.6.5.0.4.4.3.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.9.2.3.7.3.7.0.0.4.4.1.9.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.5.b.b.2.1.8.a.-.e.1.d.8.-.4.6.0.0.-.a.1.0.9.-.1.6.6.e.f.0.6.3.8.a.7.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.d.7.b.3.0.9.7.-.1.5.d.d.-.4.b.8.9.-.a.7.0.7.-.8.9.8.d.4.1.c.f.c.f.e.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.N.W.Q.2.g.C.6.i.f...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.6.0.c.-.0.0.0.1.-.0.0.1.4.-.c.9.8.e.-.e.4.3.8.9.a.5.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.9.6.b.1.9.2.7.e.d.0.0.7.a.6.2.a.c.3.4.e.4.8.a.b.4.c.3.f.c.7.0.0.0.0.f.f.f.f.!.0.0.0.0.5.e.1.4.6.c.1.8.7.1.7.f.7.a.a.8.c.b.d.2.2.6.e.c.7.5.0.b.c.e.4.1.b.d.8.a.a.4.b.3.!.s.N.W.Q.2.g.C.6.i.f...e.x.e.....T.a.r.g.e.t.A.p.p.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 15 streams, Tue Dec 17 15:42:16 2024, 0x1205a4 type
Category:dropped
Size (bytes):46078
Entropy (8bit):2.5501526912101578
Encrypted:false
SSDEEP:192:CuzLXPPKnkzOx1BMNmgbd893fTrq42RIecxDlWM/1hjpKOyO04srb8R:vPKnHTBlgbd8Z4O7lZ1bn70TA
MD5:CCC11322033AC832D74F5C21C286758F
SHA1:7C9D55782EA6FB16F1691B3B2BC5157E09E336EF
SHA-256:17023BAB476590772C6587374518C00656E378096901404DB618921075EFD3EB
SHA-512:13D97F48530EB1369B89545BAEF4623F56BC36863BD4931AB000B83F324D1B7B415096613D755F63273B8AE0D45DEFC69930961306E08D8002DCCFFD06AB7ED7
Malicious:false
Reputation:low
Preview:MDMP..a..... ........ag............4...............H...........<.......t...,-..........`.......8...........T............A...r......................................................................................................eJ......\ ......GenuineIntel............T............ag.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8314
Entropy (8bit):3.694606850684965
Encrypted:false
SSDEEP:192:R6l7wVeJtW6q6YS1SUX6HpFgmfb+UjkpDT89bmGsf0im:R6lXJs6q6YASUqHpFgmfVNmlfQ
MD5:F42ABE682A711AA0B5816E7B75FC0691
SHA1:EFFEC1425E91E7BCC098F17F6CD7B0D12024150F
SHA-256:8F3278238F9DCF2D8AFEAA5D69C4C158F30E0095831689B52185D16547121F24
SHA-512:C0D8DAF999DA88B86C2AC593680895A867F8499AAB8EA2CE6E947628C29AB536697F0B32A98FC092D531236F33F30B547F64963CF765E03925CD1C49296201F0
Malicious:false
Reputation:low
Preview (UTF-16LE text with BOM, decoded):
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
	<OSVersionInformation>
		<WindowsNTVersion>10.0</WindowsNTVersion>
		<Build>19045</Build>
		<Product>(0x30): Windows 10 Pro</Product>
		<Edition>Professional</Edition>
		<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
		<Revision>2006</Revision>
		<Flavor>Multiprocessor Free</Flavor>
		<Architecture>X64</Architecture>
		<LCID>2057</LCID>
	</OSVersionInformation>
	<ProcessInformation>
		<Pid>1548</Pi [preview truncated]
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4579
Entropy (8bit):4.46730762986869
Encrypted:false
SSDEEP:48:cvIwWl8zs2rJg77aI9EFVWpW8VY+Ym8M4JLv9e/cFUD6+q8qjmlCvpUzDydd:uIjf2FI72m7VGJLAR63qgUzDydd
MD5:BF6F80EC4A12656FB63BEB3A852BD86D
SHA1:A1429944B41D7543B26B4F25FB98738E3990AFC2
SHA-256:1696C9364D04068E288BC0966E83DDD7FB09D46E84435D5F2597B0DD519E1E25
SHA-512:E58E7C9583154B4F262F2CB11C901B384F9052F35F9CB70DDA6C8DC3ED579E258F542FC96A12BE507EF4DC6183434FD127045C87A06862749B0A277D80E5AA55
Malicious:false
Reputation:low
Preview (CRLF line ends restored):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<req ver="2">
 <tlm>
  <src>
   <desc>
    <mach>
     <os>
      <arg nm="vermaj" val="10" />
      <arg nm="vermin" val="0" />
      <arg nm="verbld" val="19045" />
      <arg nm="vercsdbld" val="2006" />
      <arg nm="verqfe" val="2006" />
      <arg nm="csdbld" val="2006" />
      <arg nm="versp" val="0" />
      <arg nm="arch" val="9" />
      <arg nm="lcid" val="2057" />
      <arg nm="geoid" val="223" />
      <arg nm="sku" val="48" />
      <arg nm="domain" val="0" />
      <arg nm="prodsuite" val="256" />
      <arg nm="ntprodtype" val="1" />
      <arg nm="platid" val="2" />
      <arg nm="tmsi" val="635444" />
      <arg nm="osinsty" val="1" />
      <arg nm="iever" val="11.789.19041.0-11.0.1000" />
      <arg nm="portos" val="0" />
      <arg nm="ram" val="409 [preview truncated]
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.372074314017975
Encrypted:false
SSDEEP:6144:LFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNiiLX:xV1QyWWI/glMM6kF7sqX
MD5:49010436EE212B54ECA858A3B1EBCF19
SHA1:E093EB5D908D6733D734E199931830935130FED4
SHA-256:589FA2A091B174369E108AF808A6729E11ED92089552CE74A0AD02BB8F624853
SHA-512:75E90C58A024A8C658A432C775D674A077B1B408D560A4A1307DB144CDB4211B1C55DB3C5CD135F6CB5F5CEC68F2236F001B13474092EC74AD593B0DB11181DD
Malicious:false
Reputation:low
Preview:regfC...C....\.Z.................... ....0......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...?.P..............................................................................................................................................................................................................................................................................................................................................2...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.6925040559075155
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:sNWQ2gC6if.exe
File size:367'616 bytes
MD5:cc2566eae03240ffc314e5bee2dc4d26
SHA1:5e146c18717f7aa8cbd226ec750bce41bd8aa4b3
SHA256:9f2583d6908053c7fdf7e8b2da4f578432e761adbf11cbeab3b78b7da71ed843
SHA512:62f09b2ad6609ed4730d661f23bd4bb53df1ec8a9a9e305e3bc3945ce61f1641666adfc902998c4656a8ee224c816188664373e5e269f54d140a79221463b19d
SSDEEP:6144:hT46u0Jny38rm3bYIOhtVlJ2rlC0vGLfAq0TwdLZc:hT46uIysrm3bY51+nODFMwPc
TLSH:7174CF1176F19129E2B346357534DAA86E3FB8635E34859F3E08168F1B723918D72F83
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.)..rGA.rGA.rGA.=.A.rGA. .A.rGA. .A.rGA. .AerGA,.<A.rGA.rFA}rGA. .A.rGA. .A.rGA. .A.rGARich.rGA........................PE..L..
Icon Hash:3518151412911209
Entrypoint:0x401877
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x65866DE8 [Sat Dec 23 05:19:36 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:f9df41ae4b2e96d07a46131787a7a3b9
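Every static field above except the hashes, TrID and icon hash comes straight out of the COFF and PE32 optional headers, and reading them by hand is how you confirm a sandbox's summary or triage a sample the sandbox never saw. The parser below is an added example for this page, not Joe Sandbox's or the sample's code. It constructs a header carrying the values listed above (section count, sizes and linker version are not on the page and are zeroed), decodes the timestamp, entry point and flag words, and then reports the hardening-relevant combination: RELOCS_STRIPPED with no DYNAMIC_BASE means the loader cannot relocate the image, so it always maps at 0x400000, which is consistent with the absolute addresses such as [00446C38h] in the entry-point disassembly that follows.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification)
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED", 0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED", 0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {1: "native", 2: "windows gui", 3: "windows cui"}
MACHINES = {0x14C: "i386", 0x8664: "amd64"}
# PE32 optional header from Magic through DllCharacteristics (72 bytes)
PE32_OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_header(data: bytes) -> dict:
    """DOS stub -> e_lfanew -> 'PE\\0\\0' -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _symtab, _nsyms, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    f = struct.unpack_from(PE32_OPT_FMT, data, opt)
    entry_rva, image_base = f[6], f[9]
    os_major, os_minor, _img_major, _img_minor, ss_major, ss_minor = f[12:18]
    subsystem, dll_chars = f[22], f[23]
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC"),
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "image_base": image_base,
        "entrypoint": image_base + entry_rva,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        "os_version": (os_major, os_minor),
        "subsystem_version": (ss_major, ss_minor),
    }


def hardening_notes(info: dict) -> list:
    """Mitigation opt-ins a defender checks first; absence of ASLR is the notable one here."""
    notes = []
    if "DYNAMIC_BASE" not in info["dll_characteristics"]:
        reason = "relocations stripped" if "RELOCS_STRIPPED" in info["characteristics"] else "DYNAMIC_BASE not set"
        notes.append(f"no ASLR: image always maps at 0x{info['image_base']:X} ({reason})")
    if "NX_COMPAT" not in info["dll_characteristics"]:
        notes.append("DEP/NX opt-in missing")
    if "GUARD_CF" not in info["dll_characteristics"]:
        notes.append("no Control Flow Guard")
    return notes


def build_sample_header() -> bytes:
    """Constructed header reproducing the report's static fields for this sample;
    fields the page does not give (section count, sizes, linker version) are zeroed."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0x65866DE8, 0, 0,   # i386, sections, TimeDateStamp
                       struct.calcsize(PE32_OPT_FMT), 0x0103)    # RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = struct.pack(PE32_OPT_FMT,
                      0x10B, 0, 0,                  # PE32 magic, linker major/minor
                      0, 0, 0,                      # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1877, 0x1000, 0, 0x400000,  # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
                      0x1000, 0x200,                # SectionAlignment, FileAlignment
                      5, 0, 5, 0, 5, 0,             # OS, image and subsystem versions
                      0, 0, 0x400, 0,               # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8100)                    # windows gui, NX_COMPAT|TERMINAL_SERVER_AWARE
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key:20} {value}")
    for note in hardening_notes(info):
        print("!", note)
```

Swap `build_sample_header()` for `open(path, "rb").read()` to run it on a real file; a PE32+ (64-bit) image has a different optional-header layout and is rejected here on purpose rather than misparsed.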
Instruction
call 00007FA92883702Bh
jmp 00007FA9288336ADh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00446C38h], eax
mov dword ptr [00446C34h], ecx
mov dword ptr [00446C30h], edx
mov dword ptr [00446C2Ch], ebx
mov dword ptr [00446C28h], esi
mov dword ptr [00446C24h], edi
mov word ptr [00446C50h], ss
mov word ptr [00446C44h], cs
mov word ptr [00446C20h], ds
mov word ptr [00446C1Ch], es
mov word ptr [00446C18h], fs
mov word ptr [00446C14h], gs
                                                                                                                                                                                                                                                          pushfd
                                                                                                                                                                                                                                                          pop dword ptr [00446C48h]
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                          mov dword ptr [00446C3Ch], eax
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                          mov dword ptr [00446C40h], eax
                                                                                                                                                                                                                                                          lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                          mov dword ptr [00446C4Ch], eax
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                                                                                          mov dword ptr [00446B88h], 00010001h
                                                                                                                                                                                                                                                          mov eax, dword ptr [00446C40h]
                                                                                                                                                                                                                                                          mov dword ptr [00446B3Ch], eax
                                                                                                                                                                                                                                                          mov dword ptr [00446B30h], C0000409h
                                                                                                                                                                                                                                                          mov dword ptr [00446B34h], 00000001h
                                                                                                                                                                                                                                                          mov eax, dword ptr [00444004h]
                                                                                                                                                                                                                                                          mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                                                                                          mov eax, dword ptr [00444008h]
                                                                                                                                                                                                                                                          mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                                                                                          call dword ptr [000000C8h]
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x429fc | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x421000 | 0x10ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x41000 | 0x194 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3f5bc | 0x3f600 | 9b2f8ce7f7cbc3dfd143e5ac5974900f | False | 0.8042945636094675 | data | 7.376376674331909 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x41000 | 0x230e | 0x2400 | 41ebfe3da5f26793b3be668f6ea5e534 | False | 0.359375 | data | 5.424416218841717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x44000 | 0x3dc4bc | 0x7000 | 48bd43883030a954f4166b56aec2b934 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x421000 | 0x10ca8 | 0x10e00 | 45553f82fa7ad631a7c9bbf07a28242a | False | 0.45078125 | data | 4.743992158773363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4215b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.5101279317697228
RT_ICON | 0x422458 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.5658844765342961
RT_ICON | 0x422d00 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.6002304147465438
RT_ICON | 0x4233c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.6394508670520231
RT_ICON | 0x423930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.4099585062240664
RT_ICON | 0x425ed8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.4793621013133208
RT_ICON | 0x426f80 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.47704918032786886
RT_ICON | 0x427908 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.5806737588652482
RT_ICON | 0x427de8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkmen | Turkmenistan | 0.3427505330490405
RT_ICON | 0x428c90 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkmen | Turkmenistan | 0.46164259927797835
RT_ICON | 0x429538 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkmen | Turkmenistan | 0.506336405529954
RT_ICON | 0x429c00 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkmen | Turkmenistan | 0.5209537572254336
RT_ICON | 0x42a168 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkmen | Turkmenistan | 0.42614107883817426
RT_ICON | 0x42c710 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkmen | Turkmenistan | 0.43456848030018763
RT_ICON | 0x42d7b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkmen | Turkmenistan | 0.4344262295081967
RT_ICON | 0x42e140 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkmen | Turkmenistan | 0.4512411347517731
RT_STRING | 0x42e7d8 | 0x386 | data | | | 0.4567627494456763
RT_STRING | 0x42eb60 | 0xb2 | data | | | 0.601123595505618
RT_STRING | 0x42ec18 | 0x6d0 | data | | | 0.4288990825688073
RT_STRING | 0x42f2e8 | 0x71e | data | | | 0.4313940724478595
RT_STRING | 0x42fa08 | 0x6e2 | data | | | 0.43473325766174803
RT_STRING | 0x4300f0 | 0x65c | data | | | 0.43611793611793614
RT_STRING | 0x430750 | 0x71a | data | | | 0.4251925192519252
RT_STRING | 0x430e70 | 0x7c4 | data | | | 0.4200201207243461
RT_STRING | 0x431638 | 0x66a | data | | | 0.43118148599269185
RT_GROUP_ICON | 0x42e5a8 | 0x76 | data | Turkmen | Turkmenistan | 0.6694915254237288
RT_GROUP_ICON | 0x427d70 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424
RT_VERSION | 0x42e620 | 0x1b8 | COM executable for DOS | | | 0.5659090909090909
DLL | Import
KERNEL32.dll | GetFileSize, SearchPathW, SetLocaleInfoA, InterlockedIncrement, GetConsoleAliasA, InterlockedDecrement, SetDefaultCommConfigW, ReadConsoleOutputAttribute, GetEnvironmentStringsW, Process32First, SetComputerNameW, GetTimeFormatA, SetEvent, GetProcessPriorityBoost, GetModuleHandleW, GetCommandLineA, GetEnvironmentStrings, LoadLibraryW, ReadProcessMemory, DeleteVolumeMountPointW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, BuildCommDCBW, GetNumaHighestNodeNumber, GetAtomNameA, LoadLibraryA, LocalAlloc, AddAtomW, FoldStringA, CreatePipe, GetModuleHandleA, UpdateResourceW, OpenFileMappingW, GetShortPathNameW, FindFirstVolumeA, GetVersionExA, UnregisterWaitEx, SetFileAttributesW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, HeapAlloc, MultiByteToWideChar, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, ReadFile, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll | GetProcessDefaultLayout
Language of compilation system | Country where language is spoken | Map
Turkmen | Turkmenistan |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T16:42:07.884805+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.8 | 58929 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:08.032429+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.8 | 54343 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:09.422537+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.422537+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.425171+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 104.131.68.180 | 443 | 192.168.2.8 | 49706 | TCP
2024-12-17T16:42:09.845092+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.845092+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:09.868010+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.8 | 54509 | 1.1.1.1 | 53 | UDP
2024-12-17T16:42:11.247880+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.247880+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
2024-12-17T16:42:11.250794+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 104.131.68.180 | 443 | 192.168.2.8 | 49707 | TCP
2024-12-17T16:42:11.681513+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | TCP
                                                                                                                                                                                                                                                          2024-12-17T16:42:11.681513+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.849707104.131.68.180443TCP
                                                                                                                                                                                                                                                          2024-12-17T16:42:11.693850+01002058220ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)1192.168.2.8620421.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:11.834468+01002058218ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)1192.168.2.8628901.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:11.979706+01002058216ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)1192.168.2.8599421.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:12.128254+01002058236ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)1192.168.2.8632641.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:12.271683+01002058210ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)1192.168.2.8649221.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:12.422329+01002058226ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)1192.168.2.8533261.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-17T16:42:14.453770+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84970823.55.153.106443TCP
                                                                                                                                                                                                                                                          2024-12-17T16:42:15.590398+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.84970823.55.153.106443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 17, 2024 16:42:08.177983999 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:08.178026915 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:08.178093910 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:08.182962894 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:08.182979107 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.422353029 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.422537088 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.425149918 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.425170898 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.425550938 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.472702026 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.520792007 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.520792007 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.521013975 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.845242023 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.845465899 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:09.845598936 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.853568077 CET | 49706 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:09.853596926 CET | 443 | 49706 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:10.006630898 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:10.006664038 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:10.006750107 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:10.007131100 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:10.007144928 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.247817993 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.247879982 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.250786066 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.250793934 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.251137018 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.252296925 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.252327919 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.252384901 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.681544065 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.681665897 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.681719065 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.681739092 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.681755066 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:11.681763887 CET | 49707 | 443 | 192.168.2.8 | 104.131.68.180
Dec 17, 2024 16:42:11.681768894 CET | 443 | 49707 | 104.131.68.180 | 192.168.2.8
Dec 17, 2024 16:42:12.708396912 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:12.708435059 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:12.708519936 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:12.708909988 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:12.708935022 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:14.453676939 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:14.453769922 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:14.456204891 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:14.456216097 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:14.456469059 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:14.458264112 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:14.503331900 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.590574026 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.590637922 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.590696096 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.590702057 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.590730906 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.590733051 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.590764999 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.590785980 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.686136007 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.686222076 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.686286926 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.686316967 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.686358929 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.714848995 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.714901924 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.714988947 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.715010881 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.715056896 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.715157032 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.715157032 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.721539974 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.721575022 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Dec 17, 2024 16:42:15.721590996 CET | 49708 | 443 | 192.168.2.8 | 23.55.153.106
Dec 17, 2024 16:42:15.721597910 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 17, 2024 16:42:07.884804964 CET | 58929 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:08.027235031 CET | 53 | 58929 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:08.032428980 CET | 54343 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:08.170785904 CET | 53 | 54343 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:09.868010044 CET | 54509 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:10.005676985 CET | 53 | 54509 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:11.693850040 CET | 62042 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:11.832981110 CET | 53 | 62042 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:11.834467888 CET | 62890 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:11.976672888 CET | 53 | 62890 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:11.979706049 CET | 59942 | 53 | 192.168.2.8 | 1.1.1.1
Dec 17, 2024 16:42:12.125844002 CET | 53 | 59942 | 1.1.1.1 | 192.168.2.8
Dec 17, 2024 16:42:12.128253937 CET | 63264 | 53 | 192.168.2.8 | 1.1.1.1
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.265149117 CET53632641.1.1.1192.168.2.8
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.271682978 CET6492253192.168.2.81.1.1.1
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.417805910 CET53649221.1.1.1192.168.2.8
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.422328949 CET5332653192.168.2.81.1.1.1
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.561433077 CET53533261.1.1.1192.168.2.8
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.566442966 CET5295953192.168.2.81.1.1.1
                                                                                                                                                                                                                                                          Dec 17, 2024 16:42:12.704332113 CET53529591.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 17, 2024 16:42:07.884804964 CET | 192.168.2.8 | 1.1.1.1 | 0x41c0 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:08.032428980 CET | 192.168.2.8 | 1.1.1.1 | 0x5baa | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:09.868010044 CET | 192.168.2.8 | 1.1.1.1 | 0xd669 | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:11.693850040 CET | 192.168.2.8 | 1.1.1.1 | 0xf308 | Standard query (0) | effecterectz.xyz | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:11.834467888 CET | 192.168.2.8 | 1.1.1.1 | 0x80f7 | Standard query (0) | diffuculttan.xyz | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:11.979706049 CET | 192.168.2.8 | 1.1.1.1 | 0x7eab | Standard query (0) | debonairnukk.xyz | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.128253937 CET | 192.168.2.8 | 1.1.1.1 | 0xdf2e | Standard query (0) | wrathful-jammy.cyou | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.271682978 CET | 192.168.2.8 | 1.1.1.1 | 0x7cb0 | Standard query (0) | awake-weaves.cyou | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.422328949 CET | 192.168.2.8 | 1.1.1.1 | 0x3550 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.566442966 CET | 192.168.2.8 | 1.1.1.1 | 0xdb5d | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 17, 2024 16:42:08.027235031 CET | 1.1.1.1 | 192.168.2.8 | 0x41c0 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:08.170785904 CET | 1.1.1.1 | 192.168.2.8 | 0x5baa | No error (0) | immureprech.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:08.170785904 CET | 1.1.1.1 | 192.168.2.8 | 0x5baa | No error (0) | immureprech.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:08.170785904 CET | 1.1.1.1 | 192.168.2.8 | 0x5baa | No error (0) | immureprech.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:10.005676985 CET | 1.1.1.1 | 192.168.2.8 | 0xd669 | No error (0) | deafeninggeh.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:10.005676985 CET | 1.1.1.1 | 192.168.2.8 | 0xd669 | No error (0) | deafeninggeh.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:10.005676985 CET | 1.1.1.1 | 192.168.2.8 | 0xd669 | No error (0) | deafeninggeh.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:11.832981110 CET | 1.1.1.1 | 192.168.2.8 | 0xf308 | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:11.976672888 CET | 1.1.1.1 | 192.168.2.8 | 0x80f7 | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.125844002 CET | 1.1.1.1 | 192.168.2.8 | 0x7eab | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.265149117 CET | 1.1.1.1 | 192.168.2.8 | 0xdf2e | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.417805910 CET | 1.1.1.1 | 192.168.2.8 | 0x7cb0 | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.561433077 CET | 1.1.1.1 | 192.168.2.8 | 0x3550 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 16:42:12.704332113 CET | 1.1.1.1 | 192.168.2.8 | 0xdb5d | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49706 | 104.131.68.180 | 443 | 1548 | C:\Users\user\Desktop\sNWQ2gC6if.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 15:42:09 UTC | 262 | OUT |
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: immureprech.biz
2024-12-17 15:42:09 UTC | 8 | OUT |
  Data Raw: 61 63 74 3d 6c 69 66 65
  Data Ascii: act=life
2024-12-17 15:42:09 UTC | 94 | IN |
  HTTP/1.1 200 OK
  Date: Tue, 17 Dec 2024 15:42:09 GMT
  Content-Length: 0
  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49707 | 104.131.68.180 | 443 | 1548 | C:\Users\user\Desktop\sNWQ2gC6if.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 15:42:11 UTC | 263 | OUT |
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: deafeninggeh.biz
2024-12-17 15:42:11 UTC | 8 | OUT |
  Data Raw: 61 63 74 3d 6c 69 66 65
  Data Ascii: act=life
2024-12-17 15:42:11 UTC | 94 | IN |
  HTTP/1.1 200 OK
  Date: Tue, 17 Dec 2024 15:42:11 GMT
  Content-Length: 0
  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49708 | 23.55.153.106 | 443 | 1548 | C:\Users\user\Desktop\sNWQ2gC6if.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-17 15:42:14 UTC | 219 | OUT |
  GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com
2024-12-17 15:42:15 UTC | 1905 | IN |
  HTTP/1.1 200 OK
  Server: nginx
  Content-Type: text/html; charset=UTF-8
  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
  Expires: Mon, 26 Jul 1997 05:00:00 GMT
  Cache-Control: no-cache
  Date: Tue, 17 Dec 2024 15:42:15 GMT
  Content-Length: 35131
  Connection: close
  Set-Cookie: sessionid=72a0349397cc711877af4dd7; Path=/; Secure; SameSite=None
  Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-17 15:42:15 UTC | 14479 | IN |
  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-17 15:42:15 UTC | 10097 | IN |
  Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-17 15:42:15 UTC | 10555 | IN |
  Data Ascii: ;WEB_UNIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&qu


Target ID: 0
Start time: 10:42:04
Start date: 17/12/2024
Path: C:\Users\user\Desktop\sNWQ2gC6if.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\sNWQ2gC6if.exe"
Imagebase: 0x400000
File size: 367'616 bytes
MD5 hash: CC2566EAE03240FFC314E5BEE2DC4D26
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000003.1427054834.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 4
Start time: 10:42:16
Start date: 17/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 840
Imagebase: 0x2a0000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Execution Graph

Execution Coverage: 1.8%
Dynamic/Decrypted Code Coverage: 41.2%
Signature Coverage: 48.5%
Total number of Nodes: 68
Total number of Limit Nodes: 4
execution_graph 26280 9c003c 26281 9c0049 26280->26281 26295 9c0e0f SetErrorMode SetErrorMode 26281->26295 26286 9c0265 26287 9c02ce VirtualProtect 26286->26287 26289 9c030b 26287->26289 26288 9c0439 VirtualFree 26293 9c05f4 LoadLibraryA 26288->26293 26294 9c04be 26288->26294 26289->26288 26290 9c04e3 LoadLibraryA 26290->26294 26292 9c08c7 26293->26292 26294->26290 26294->26293 26296 9c0223 26295->26296 26297 9c0d90 26296->26297 26298 9c0dad 26297->26298 26299 9c0dbb GetPEB 26298->26299 26300 9c0238 VirtualAlloc 26298->26300 26299->26300 26300->26286 26319 43b068 26320 43b080 26319->26320 26323 43b16e 26320->26323 26325 43a9b0 LdrInitializeThunk 26320->26325 26321 43b23f 26323->26321 26326 43a9b0 LdrInitializeThunk 26323->26326 26325->26323 26326->26321 26327 40b44c 26331 40b45a 26327->26331 26332 40b57c 26327->26332 26328 40b65c 26330 43a950 2 API calls 26328->26330 26330->26332 26331->26328 26331->26332 26333 43a950 26331->26333 26334 43a995 26333->26334 26335 43a968 26333->26335 26337 43a976 26333->26337 26339 43a98a 26333->26339 26340 438e70 26334->26340 26335->26334 26335->26337 26338 43a97b RtlReAllocateHeap 26337->26338 26338->26339 26339->26328 26341 438e83 26340->26341 26342 438e94 26340->26342 26343 438e88 RtlFreeHeap 26341->26343 26342->26339 26343->26342 26344 43aecc 26345 43af00 26344->26345 26345->26345 26346 43af7e 26345->26346 26348 43a9b0 LdrInitializeThunk 26345->26348 26348->26346 26349 408790 26351 40879f 26349->26351 26350 408970 ExitProcess 26351->26350 26352 4087b4 GetCurrentProcessId GetCurrentThreadId 26351->26352 26355 40887a 26351->26355 26353 4087da 26352->26353 26354 4087de SHGetSpecialFolderPathW GetForegroundWindow 26352->26354 26353->26354 26354->26355 26355->26350 26356 438e51 RtlAllocateHeap 26357 43ab91 26358 43ab9a GetForegroundWindow 26357->26358 26359 43abad 26358->26359 26360 a39816 26361 a39825 26360->26361 26364 a39fb6 26361->26364 26369 a39fd1 26364->26369 26365 a39fda CreateToolhelp32Snapshot 26366 a39ff6 Module32First 26365->26366 26365->26369 26367 a3a005 26366->26367 26368 a3982e 26366->26368 26371 a39c75 26367->26371 26369->26365 26369->26366 26372 a39ca0 26371->26372 26373 a39cb1 VirtualAlloc 26372->26373 26374 a39ce9 26372->26374 26373->26374 26374->26374 26375 43b195 26377 43b197 26375->26377 26376 43b23f 26377->26376 26379 43a9b0 LdrInitializeThunk 26377->26379 26379->26376

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph

control_flow_graph 129 a39fb6-a39fcf 130 a39fd1-a39fd3 129->130 131 a39fd5 130->131 132 a39fda-a39fe6 CreateToolhelp32Snapshot 130->132 131->132 133 a39ff6-a3a003 Module32First 132->133 134 a39fe8-a39fee 132->134 135 a3a005-a3a006 call a39c75 133->135 136 a3a00c-a3a014 133->136 134->133 140 a39ff0-a39ff4 134->140 141 a3a00b 135->141 140->130 140->133 141->136
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A39FDE
• Module32First.KERNEL32(00000000,00000224), ref: 00A39FFE
Memory Dump Source
• Source File: 00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A39000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a39000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 3a2c8e09e23a7e491b3462a6cf2d02a6a3d7aa1f0ad973f4da44a4a2c04f1f08
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 27F09032200715AFE7203BF9A98DB6FB7E8AF59725F100629F647D14C0DBB0EC458A61

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: h d"
• API String ID: 0-862628183
• Opcode ID: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
• Instruction ID: e7b26040d347b48bd15f509a2e92d141a5522c4f34e33ed28b849909e17f734e
• Opcode Fuzzy Hash: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
• Instruction Fuzzy Hash: 81B1CF79204700CFD3248F74EC91B67B7F6FB4A301F058A7DE99682AA0D774A859CB18

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 338 43a9b0-43a9e2 LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
• Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
• Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
• Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
• Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

Control-flow Graph

• Executed
• Not Executed
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 009C024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 432f36c829207e9df796c30a500edc2b52fb0a286b991de80b22d2d91fe883de
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 08527774E00229DFDB64CF68C984BA8BBB1BF49304F1480D9E94DAB251DB30AE84DF15

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 123 43ab0b-43ab1f 124 43ab20-43ab7b 123->124 124->124 125 43ab7d-43abce GetForegroundWindow call 43c7d0 124->125
                                                                                                                                                                                                                                                            APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID: ilmn
• API String ID: 2020703349-1560153188

Control-flow Graph (node and edge listing; graph image omitted)
• 142 9c0e0f-9c0e24 SetErrorMode * 2 143 9c0e2b-9c0e2c 142->143 144 9c0e26 142->144 144->143
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,009C0223,?,?), ref: 009C0E19
• SetErrorMode.KERNELBASE(00000000,?,?,009C0223,?,?), ref: 009C0E1E
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0

Control-flow Graph (node and edge listing; graph image omitted)
• 322 43a950-43a961 323 43a976-43a988 call 43bf00 RtlReAllocateHeap 322->323 324 43a995-43a996 call 438e70 322->324 325 43a98a-43a993 call 438e30 322->325 326 43a968-43a96f 322->326 333 43a9a0-43a9a2 323->333 332 43a99b-43a99e 324->332 325->333 326->323 326->324 332->333
APIs
• RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0

Control-flow Graph (node and edge listing; graph image omitted)
• 334 43ab91-43aba8 GetForegroundWindow call 43c7d0 337 43abad-43abce 334->337
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0

Control-flow Graph (node and edge listing; graph image omitted)
• 339 438e70-438e7c 340 438e83-438e8e call 43bf00 RtlFreeHeap 339->340 341 438e94-438e95 339->341 340->341
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                            • Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                            • Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00A39CC6
Memory Dump Source
• Source File: 00000000.00000002.1606914020.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A39000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a39000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 697d3137a95d59fb259dc31470daaedd941563bb5f12c9a7fb1b2a2ec7d6adc6
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 0C113C79A00208EFDB01DF98CA85E99BBF5AF08350F058094F9489B362D771EA50DF90
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
• API String ID: 0-1394229784
• Opcode ID: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
• Instruction ID: 1c957c00a873cb69123d56e3f2d12a033ad66fd213e47990b96aa58b69e6adf5
• Opcode Fuzzy Hash: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
• Instruction Fuzzy Hash: D622482190D7E9CDEB26C638CC487DDBEA15B56314F0841D9C19D6B3C2D7BA0B89CB26
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
• API String ID: 0-1394229784
• Opcode ID: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
• Instruction ID: 78fde7a8102a4a25e3d516c1edb5f9b2f063fdb03dbd0bbcca9d4d838a68c62c
• Opcode Fuzzy Hash: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
• Instruction Fuzzy Hash: 3F22472190D7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2C7BA0B89CB26
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
• API String ID: 0-334816167
• Opcode ID: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
• Instruction ID: 897895fafd8bbb71f739cc5eba5a83c25e5570fd380c3455f9482c5e12115fa5
• Opcode Fuzzy Hash: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
• Instruction Fuzzy Hash: 6AF1D221D087E98ADB32C67C8C443DDBFA25B53324F1943D9D4E9AB3D2C6790A46CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
• API String ID: 0-334816167
• Opcode ID: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
• Instruction ID: 4ba09c738a8091425718d315f50eff196f5ba60e1b3feeb24fdbf3622366560b
• Opcode Fuzzy Hash: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
• Instruction Fuzzy Hash: 0BF1E521D087E98ADB32C67C8C443CDBFA15B97324F1943D9D4E9AB3D2C6780A46CB56
APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2485776651-4124187736
• Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                            • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
APIs
• CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 009F6675
• SysAllocString.OLEAUT32(FA46F8B5), ref: 009F66D1
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 009F670E
• SysAllocString.OLEAUT32(w!s#), ref: 009F6762
• SysAllocString.OLEAUT32(A3q5), ref: 009F6808
• VariantInit.OLEAUT32(?), ref: 009F687A
• VariantClear.OLEAUT32(?), ref: 009F69DC
• SysFreeString.OLEAUT32(00000000), ref: 009F6A1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2775254435-4124187736
• Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction ID: 3eb1208e074197ec0f979d25d6f2dd30b8c5e2a6fae646a2fc24b99a9eaaab7b
• Opcode Fuzzy Hash: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction Fuzzy Hash: 2012C7B2A083409BD714CF68C881B6BBBE6FBC5304F148A2CF695DB291D774D905CB86
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: e5f86e657b7d040d478ad5d19aab191aaa6bde78483139116d6e62eea6eeebe6
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: FAC1387190C3D58BD315CF2584A4B6BBFE1AFD2344F1885ACE4E11B782D639890ACB67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: 47C1367150C3958BD315CE2584A036BBFE1AFD6304F1889BDE4E11B386D63D8D0ACBA6
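The two records above carry the same Opcode ID (a9be2e0f...) once in the PE-backed dump at 00400000 and once in the non-PE region at 009C0000, while the two COM functions earlier in the listing have different Opcode IDs but the same string-set hash (4124187736). The script below is an added example, not part of the Joe Sandbox report, that parses function records in exactly this plain-text shape and pulls out both relationships: opcode hashes present in both a PE-backed and a non-PE dump (code copied or unpacked into memory at run time), and distinct functions that decrypt the same string set. It assumes the report has been saved as text with the "• Label:" bullets intact; the SAMPLE block is constructed from the records on this page, trimmed to the bullets the parser reads.

```python
"""Correlate Joe Sandbox function records across memory dumps.

Added example, not part of the Joe Sandbox report. Parses the plain-text
function blocks as the report prints them ("Memory Dump Source" and
"Similarity" bullets) and reports:
  1. Opcode IDs seen both in a PE-backed dump (based on PE: true) and in a
     region not backed by a PE (based on PE: false): code that was copied or
     unpacked into that region at run time.
  2. String-set hashes (right half of "API String ID") shared by functions
     with different Opcode IDs: variants of one routine using the same
     decrypted strings.
"""
import re
from collections import defaultdict

# Constructed sample: four records taken in shape from the report above,
# trimmed to the bullets the parser reads (other bullets are ignored).
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• API String ID: 2485776651-4124187736
• Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• API String ID: 2775254435-4124187736
• Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction ID: 3eb1208e074197ec0f979d25d6f2dd30b8c5e2a6fae646a2fc24b99a9eaaab7b
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
• API ID:
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: e5f86e657b7d040d478ad5d19aab191aaa6bde78483139116d6e62eea6eeebe6
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID:
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
"""

SOURCE_RE = re.compile(
    r"Source File: (?P<dump>\S+\.sdmp), Offset: (?P<offset>[0-9A-Fa-f]+), "
    r"based on PE: (?P<pe>true|false)"
)
# Bullet label -> record key. "API ID:" does not match "API String ID:".
FIELDS = {
    "API ID:": "apis",
    "API String ID:": "api_string_id",
    "Opcode ID:": "opcode_id",
    "Instruction ID:": "instruction_id",
}


def parse_records(text):
    """Return one dict per function block; a block starts at 'Source File:'."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        m = SOURCE_RE.search(line)
        if m:
            cur = {"dump": m["dump"], "offset": int(m["offset"], 16),
                   "pe": m["pe"] == "true", "apis": "", "api_string_id": "",
                   "opcode_id": "", "instruction_id": ""}
            records.append(cur)
            continue
        if cur is None:
            continue
        for label, key in FIELDS.items():
            if line.startswith(label):
                cur[key] = line[len(label):].strip()
                break
    return records


def runtime_copies(records):
    """{opcode_id: (pe_offsets, non_pe_offsets)} for opcode hashes found in
    both a PE-backed and a non-PE-backed dump; offsets are ints."""
    by_opcode = defaultdict(list)
    for r in records:
        if r["opcode_id"]:
            by_opcode[r["opcode_id"]].append(r)
    found = {}
    for oid, rs in by_opcode.items():
        pe = sorted({r["offset"] for r in rs if r["pe"]})
        non_pe = sorted({r["offset"] for r in rs if not r["pe"]})
        if pe and non_pe:
            found[oid] = (pe, non_pe)
    return found


def shared_string_sets(records):
    """{string_hash: {opcode_id, ...}} for string sets used by more than one
    distinct function (different Opcode IDs)."""
    by_strings = defaultdict(set)
    for r in records:
        if "-" in r["api_string_id"] and r["opcode_id"]:
            by_strings[r["api_string_id"].split("-", 1)[1]].add(r["opcode_id"])
    return {h: ids for h, ids in by_strings.items() if len(ids) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for oid, (pe, non_pe) in runtime_copies(recs).items():
        print(f"{oid[:16]}... PE image {[hex(o) for o in pe]} "
              f"also in non-PE region {[hex(o) for o in non_pe]}")
    for h, ids in shared_string_sets(recs).items():
        print(f"string set {h} shared by {len(ids)} distinct functions")
```

Run it against the whole report saved as text to get the full list of functions that exist both in the 00400000 image and in the 009C0000 region; a long list there is the concrete evidence behind the report's "Detected unpacking" signatures, and the String ID values of those functions (the short, high-entropy tokens such as `w!s#` and `A3q5`) are the ones worth chasing in the string-decryption routine.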
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction ID: da43211ff67c9a146d5402c2485168734394287bdcde5cfbbd6211125729cf52
• Opcode Fuzzy Hash: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction Fuzzy Hash: A672AE7160C7818FD3249F38C4957AFBBE2ABD6314F188D2EE5DA87382D67984458B03
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: fa95428c970c30a1efb578d72b7ddf9eb6b82f5b934b73145c579ff54d310729
• Instruction ID: 9695cd9248a7320cbd761fb78df0a02734abf8995342c504889e395b39462be9
• Opcode Fuzzy Hash: fa95428c970c30a1efb578d72b7ddf9eb6b82f5b934b73145c579ff54d310729
• Instruction Fuzzy Hash: 7E728E7160C7818BD3249F38C4953AFBBE2ABD5314F194A3EE5D9873D2D67884858B07
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: *B)$*B)$<=$O)O+$Q5Z7$T!M#$U1D3$V%G'$XY$\9X;$p-B/
                                                                                                                                                                                                                                                            • API String ID: 0-898000180
                                                                                                                                                                                                                                                            • Opcode ID: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
                                                                                                                                                                                                                                                            • Instruction ID: 58a2df80dccad0f08de1cffb62bf1b499e858f92661758411d6fb9db96ac7c34
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63C10DB12483918BD714CF99C89266BB3F2EFD2754F08895CE4DA8B794E734C902C796
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                            • API String ID: 0-2246970021
                                                                                                                                                                                                                                                            • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                            • Instruction ID: 9dcb84cf7d37b488d6130faa68762d042ce847b5d4a1b0d537857a292aed5e92
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A3242B0601B469FDB48CF26D580389BBB1FF45300F548698C9695FB5ADB35A892CFC0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                            • API String ID: 0-2246970021
                                                                                                                                                                                                                                                            • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                            • Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                                            • API String ID: 0-119712241
                                                                                                                                                                                                                                                            • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                            • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                                            • API String ID: 0-1072848446
                                                                                                                                                                                                                                                            • Opcode ID: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                                            • Instruction ID: c7d20ba5a919ee4976e3cf2e5e38e8f724ad3a04746af1b9d4e2b0cd92574b18
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13229C7160C7D08FD3259F29845436EBBE1ABC6324F198E2DE5EA873D2D6798844CB43
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                                            • API String ID: 0-1072848446
                                                                                                                                                                                                                                                            • Opcode ID: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                                            • Instruction ID: 7f4f8c271271a0ee30063bf5d57d9afa0b4a7bb7edff0777766b2e5d54dfe869
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF22E17160C3A08FD320DF28D44436FBBE1ABD6314F598A2EE5D9873A1D77988458B4B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &'$0c=e$2g1i$<k;m$B$wy
• API String ID: 0-2430453506
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: 770ed5e64719aa2c8947b422af6deefef9fb41c3978dfa34db7291ef5336e3e7
• Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction Fuzzy Hash: D0B10A7110C3C18BD329CF2A84917BBBBD6AFD2314F288A6DD4D987291DB75894AC713
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
• Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
APIs
• GetCurrentProcessId.KERNEL32 ref: 009C8A1B
• GetCurrentThreadId.KERNEL32 ref: 009C8A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 009C8AC2
• GetForegroundWindow.USER32 ref: 009C8AD7
• ExitProcess.KERNEL32 ref: 009C8BD9
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 1d8e93132522f1d3b7f3732810cb57d88b3176a83d304321991ddd41e4530ece
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 02417F77F4431807D71CAEB4CC5A77BF69A9BC4314F09803E6985AB391DDB85C0552C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^$de
• API String ID: 0-3020956940
• Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
• Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$wy
• API String ID: 0-3335612808
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: ecf82ff6b07465ecb915d43d5e0db91ae3695bdd9dd43c02b9ce2c821c180e50
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: ECD107B56083418BD724DF25C85276BB7F2FFD2314F18996CE4828B394E7B99841CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction ID: 7523a6bd425205909cca25773407410556d9e607a9d5568b5cbf96cf7aa14ba7
• Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction Fuzzy Hash: 60A10A7110C3C18BE369CF2A84917BBBBD6AFD2314F28896DD4D987291DB75884AC713
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                                            • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                            • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                                            • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                            • Instruction ID: 2822b1ba78586ab11d0f2965917ffdded11e90add8964e74f2151f7d88fc61b5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0A10B7010C3C18FE369CF2984917BBBBD6AFD2314F288A6DD4D987291DB75884AC712
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                                            • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                            • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                                            • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                            • Instruction ID: 038d8a029b9490a6163d931be452d2a33d7391f76d1a92b9503c67d1596d118f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51A1F97110C3C18ED325CF2A88917BBBBD6AFD2314F28896DD4D98B291DB75884AC753
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                                            • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                            • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                                            • API String ID: 0-979945983
                                                                                                                                                                                                                                                            • Opcode ID: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                            • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                                            • API String ID: 0-3432275560
                                                                                                                                                                                                                                                            • Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                            • Instruction ID: b3d2529b082d8f14c84dd7976b654fd3bdff43b4933008c04f8075b17e34e5a2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
• Instruction Fuzzy Hash: 3442277054C3908FD725EF28C85076EBBE1AF92314F088A6EE8E55F392D7368906D752
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
• Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
• Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
• Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
• Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction ID: db9baf73d56730b6413a46e833c469feae9731864e99dc546c5d1be5d108738c
• Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction Fuzzy Hash: C6E1F67111D3C18BE725CF29C8517BBBBD6EF92304F18896DD1D987292DB39884AC712
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
• Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
• Instruction ID: 2f773b5999cb5b09c99cac9f2ae2404fc2d955a88bdfe4a39d09d309529b0009
• Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
• Instruction Fuzzy Hash: 39E1D67111D3C18AE735CF25C4607BBBBD6AFD2304F1888ADC1C987292DB79494ACB12
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$D@YO$^QRW
• API String ID: 0-2418547040
• Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
• Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
• Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
• Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: #$$+oQ$?{;}$DF
• API String ID: 0-1090792222
• Opcode ID: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
• Instruction ID: f8f0a3fc3e126b0df0e9da8d66218e0bc810a6f9e0fb1804998ec3192ea1b230
• Opcode Fuzzy Hash: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
• Instruction Fuzzy Hash: 34E102B4E043549FEB10DF28D942B5EBBB0FB86304F1085ADE598AB381D7758946CF86
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
• Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                            • API String ID: 0-483502859
                                                                                                                                                                                                                                                            • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                            • Instruction ID: 6760253700b84ce031a66b7aae5169078b5e561acff8df25ffe3235930e41140
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2A1C2B56017818FD728CF29C590A62BBF2FF96304B1995ADC0D68FB66D734E802CB11
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                            • API String ID: 0-483502859
                                                                                                                                                                                                                                                            • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                            • Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: -$C\$Iz$[^
                                                                                                                                                                                                                                                            • API String ID: 0-2105564891
                                                                                                                                                                                                                                                            • Opcode ID: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                            • Instruction ID: cf552216fdccb3e9d48e1eb8ff3d86ef9356a1daaafe1fe71c6dbfb1c5e85963
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3581DCB264C3519FD308CFA9885185FFBE2EFD1300F59C86DF0E58B251D67996068B82
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: T$U$V$k
                                                                                                                                                                                                                                                            • API String ID: 0-1255220828
                                                                                                                                                                                                                                                            • Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                            • Instruction ID: 9684c4a39db820ae37bd4f0a2b6a7963dfb8bbe5ce105249b0b4acbfb907e8fe
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EAA1E33220C7948BD3149B38989027EBBD25BD6328F194B2DE6E6872D2D679C945CB07
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: T$U$V$k
                                                                                                                                                                                                                                                            • API String ID: 0-1255220828
                                                                                                                                                                                                                                                            • Opcode ID: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
                                                                                                                                                                                                                                                            • Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: in~x$kmbj$ydij
                                                                                                                                                                                                                                                            • API String ID: 0-2624003027
                                                                                                                                                                                                                                                            • Opcode ID: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                            • Instruction ID: f79569228283954ad57b9a6cc496d73d61da5c1ffc761606bfa780fd5c95cafa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A91245B5600A01CFC7248F24D8D16A7BBA2FF96314F18857ED4968B396E738E842CB55
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction ID: 1912fe623bb16b6118b0ff09d720cd27bd50f6e43979492f9deae0651b0b5cc1
• Opcode Fuzzy Hash: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction Fuzzy Hash: 2E22C97290D7908BD724DF3884957AEBBD1ABD5320F198F2EE5E9873D1D63889018B43
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction ID: 59230c03b5a3a3693ef44b30c97d38267524f76adfdce6de0efbbb4ceb4d7fde
• Opcode Fuzzy Hash: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction Fuzzy Hash: 9822E77290C7408BD724DF38C4913AEBBD2ABD5324F194A2EE5E9973D1DA388941CB47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 67$V3R5$dB
• API String ID: 0-2543814982
• Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
• Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$DX8Z
• API String ID: 0-3307990326
• Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
• Instruction ID: 00cb9b5afae38af5be1b8d7127615845ccea5bb16a0057d69bc45386226c48a9
• Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
• Instruction Fuzzy Hash: 5D81AB756407128BC728CF29C890A67B7F2FF95710B19C59ED8C24BB66EB34A842CB45
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: .$GetProcAddress.$l
• API String ID: 0-2784972518
• Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction ID: 7cfc3d3c168d6275c16427e01d370f486b0f6cd0a8647a33d9178c28933bc373
• Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction Fuzzy Hash: 96315AB6900609DFEB10CF99C880BAEBBF9FF88324F24404AD441A7351D775EA45CBA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k$I,~M
• API String ID: 0-936430989
• Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
• Instruction ID: 9a247baae95f2fe517aa50fa9a297851bd5a78191475d0a8a20d7c52c841d101
• Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
• Instruction Fuzzy Hash: AB8212746883409BD7249F24D880B2FBBE6EBD6714F28C92EE1C587392D771DC528B46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k$I,~M
• API String ID: 2994545307-936430989
• Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
• Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
• Opcode Fuzzy Hash: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
• Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction ID: 36afe295507569c2025e588102446e9e25adb928422e9ede8cefc5fe36da5f21
• Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction Fuzzy Hash: 56726871A087409FD714CF18C880BABBBE1AF98354F45892DF9998B391D375E984CB93
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
                                                                                                                                                                                                                                                            • API String ID: 0-46163386
                                                                                                                                                                                                                                                            • Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                            • Instruction ID: d40c633f6dc63a9644a0400b392de52ca6438bdc0a59f23ad90aea60c423d6c9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC7213716087409FD714CF18C880BABBBE1EB88314F04892EF9899B391D379D948DF96
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                            • String ID: PT
                                                                                                                                                                                                                                                            • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                            • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                            • Instruction ID: 9d39c73134999c9454cde7e0b0cc62fd1f556a4f93349cb529d7cda58c78f0c0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35A1BFB55087818FD726CF29C4A0A62BFE1EF57300B19969CC4E24FB66D339D805CB56
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                            • String ID: PT
                                                                                                                                                                                                                                                            • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                            • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                            • Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: "*B$B*B
                                                                                                                                                                                                                                                            • API String ID: 0-3938277345
                                                                                                                                                                                                                                                            • Opcode ID: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
                                                                                                                                                                                                                                                            • Instruction ID: c0ff169c622c87bee100c6609ea31c9af3570951461718032b7520edbb3c94ef
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53421276A00211DFCB18CF68DC90AAEB7B2FF49310F598179E905AB395D734AD11CB84
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: .$kl
                                                                                                                                                                                                                                                            • API String ID: 0-2631956018
                                                                                                                                                                                                                                                            • Opcode ID: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                            • Instruction ID: 6e525d0f0299ed0e456b3adafb39e2bcab09d4ef44449d93680b2b5d8b67f0fb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FE1173A218709CBCB189F78EC5127A73F1FF4A741F4A887DD8818B2A1E7B99950C714
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: BE$de
                                                                                                                                                                                                                                                            • API String ID: 0-1272349043
                                                                                                                                                                                                                                                            • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                            • Instruction ID: d43d71578d29372d4408b1cc758a05bf12945fd281b1bfad6c7156f378e8fee7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58D10871A5C3544BD728DF288851BAFFBE6ABC2304F18492CE8D19B395D675C906C783
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: BE$de
                                                                                                                                                                                                                                                            • API String ID: 0-1272349043
                                                                                                                                                                                                                                                            • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: AzB$`rB
                                                                                                                                                                                                                                                            • API String ID: 0-365317308
                                                                                                                                                                                                                                                            • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                            • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: AzB$`rB
                                                                                                                                                                                                                                                            • API String ID: 0-365317308
                                                                                                                                                                                                                                                            • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                            • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: c$
                                                                                                                                                                                                                                                            • API String ID: 0-2516980088
                                                                                                                                                                                                                                                            • Opcode ID: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                            • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                                                            • API String ID: 0-1993550816
                                                                                                                                                                                                                                                            • Opcode ID: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                            • Instruction ID: 22b4369ed38023b57a5ffaa75de16342691d6a1eaae870b5242dadfa0ea3c674
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B22EE756083458FD718CF25C880B3ABBE6BBD9314F198A2CE6D987391DB75D805CB82
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                                                            • API String ID: 2994545307-1993550816
                                                                                                                                                                                                                                                            • Opcode ID: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
                                                                                                                                                                                                                                                            • Instruction ID: c6061003a35e321c419c30bd02a3c4e1c0b56f4f8cbc670ef9e4360bbe252bef
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7722EF756083518FD718CF25C880A2BBBE2BBC9314F199A2DE4D587391DBB4EC06CB46
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: A67H
                                                                                                                                                                                                                                                            • API String ID: 0-3389657328
                                                                                                                                                                                                                                                            • Opcode ID: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                            • Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
• Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction ID: edb32137e5bf691e443129be51893e4715481ae3198517ec344bc5e99cac7779
• Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction Fuzzy Hash: 90021175640702CBCB24CF29C8D1662B7F2FF96714B19C59DC8864BBA5EB39E842CB50
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: 4ac7f9e5e039e93f4d63a98a729b3a4cd1cc57450a9655186f6da7d32856c404
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 11C15675A0C3185FD324DFA0C880A3FFBE6ABDA714F188A2CF68553691DA319C04C792
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
• Opcode ID: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
• Opcode Fuzzy Hash: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
• Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
• Opcode Fuzzy Hash: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
• Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction ID: b186be82522d213efc39d834e38b2f82b1940e47c3114dcf1dcd796712ab4c2a
• Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction Fuzzy Hash: EFC128B5D40216CBCB24CF29C8526BBB7B1FF95310F19C65ED895AB790E734A842CB90
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: 167H
• API String ID: 0-2704650348
• Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction ID: 6565ee6c9f71d62dbad04091f14972be8e5867e618942813329ee37097aa294a
• Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction Fuzzy Hash: 72D19B32A087944BD715CF2A8C817ABB796EFD5318F1A8A2CE995873C1D734DD05C782
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: 167H
• API String ID: 2994545307-2704650348
• Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
• Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
• Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
• Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
• Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
• Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
• Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                            • API String ID: 0-2852464175
                                                                                                                                                                                                                                                            • Opcode ID: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                            • Instruction ID: 0c29c4f326a3360d4f83cd19facfb249d1e6e8dcfa8d7f8eb9091c930c4cf0c7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69D17634B05254CFDB14CF78E8D16AEBBB2AF1A310F6841BDE5519B392CB384906CB59
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &#
                                                                                                                                                                                                                                                            • API String ID: 0-1789715784
                                                                                                                                                                                                                                                            • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                            • Instruction ID: f498ddc68c6da1f545334353f0d73e9f74c901b70d5de57ea83428fd65ab62af
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBA14A71A082905BDB1A9B29CC5277BB3E9EF91320F09892CF996973C1E734DD05C352
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: &#
                                                                                                                                                                                                                                                            • API String ID: 0-1789715784
                                                                                                                                                                                                                                                            • Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                            • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: .
                                                                                                                                                                                                                                                            • API String ID: 0-1505114982
                                                                                                                                                                                                                                                            • Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                            • Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: -
                                                                                                                                                                                                                                                            • API String ID: 0-2547889144
                                                                                                                                                                                                                                                            • Opcode ID: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
                                                                                                                                                                                                                                                            • Instruction ID: 65ba30a67e069fae6e608f5066bf5ccce10dec901ce1420cb73a5d1168b15a87
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAD10C71E087854BC718CE29D89076FBBE6AFC1320F198A2DE4E5473D5DB3899058B82
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: de
                                                                                                                                                                                                                                                            • API String ID: 0-2106599819
                                                                                                                                                                                                                                                            • Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                            • Instruction ID: c0a2c3c258154f4b9cb739987f1f13d25286dfba93dbfbf7b4fbfd12d75bbaa6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A99143B194C3028AC324DF68C89266BB7F2EFD1324F18D92DE4D64B391E7788905CB52
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ~
                                                                                                                                                                                                                                                            • API String ID: 0-1707062198
                                                                                                                                                                                                                                                            • Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                            • Instruction ID: 25cfd36f30c6ad74c2ad12c7229225a0bff5329c47d273cc2d6bc8f9e7b5e7e5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3A13672A082615FCB25CE28888066AB7E1AFD5324F19C67EECB9973D1D630DD0697C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
• Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
• Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
• Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
• Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: cdef
• API String ID: 0-4216504194
• Opcode ID: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
• Instruction ID: 55641249b56b043c4a357287959b20edf355c45985611b6f50e9d81a8c7b9fa4
• Opcode Fuzzy Hash: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
• Instruction Fuzzy Hash: 25817671A093548FC725CF24C890A7BBBA6EFD6314F198A2CEAD557391D731AC01C792
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: cdef
• API String ID: 2994545307-4216504194
• Opcode ID: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
• Instruction ID: d704160fc5b89d86d9794d8a66ae716d782a0973953182dc9c1641cf0cee7e05
• Opcode Fuzzy Hash: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
• Instruction Fuzzy Hash: 30815471A083108FC718DF24E88096BBBA2EFDA310F19993DE9D557352C735AC05C786
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: gfff
• API String ID: 0-1553575800
• Opcode ID: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
• Instruction ID: 4420d7c50ff8d3bb4aa8bfbb302880d2d91d5f63d502801f13141e8a5247aa2f
• Opcode Fuzzy Hash: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
• Instruction Fuzzy Hash: AD910271654B428FD314CF78C891BA6B7D2EB86314F58C57DD09A8B7A6EA78E402C740
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction ID: 0dc3b609faccb9001481474114afaab5851546570a7993d1c975111349aada76
• Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction Fuzzy Hash: C59197B0504741CFE7648F25C4A4B63BBB2FF46318F19968DC4864FBA1E379A846CB94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: Fg
• API String ID: 0-875302535
• Opcode ID: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
• Instruction ID: 938112e25fdbf15f9a364e5bae825ba337e0ca95b905e9fe0a73da4e09799f39
• Opcode Fuzzy Hash: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
• Instruction Fuzzy Hash: FE81C57121D3C08BD7698F25C8617BBBBD7EBD2314F18896DD1D98B292DB38440ACB16
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: Fg
                                                                                                                                                                                                                                                            • API String ID: 0-875302535
                                                                                                                                                                                                                                                            • Opcode ID: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                            • Instruction ID: 81bd39487229f81fa75b1a19b8121f8c05985a2d1a0f7b16a24bef680633e699
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F81E47121D3808BE768CF25C8657ABBBD2EBD2304F58896DC1C987392DB38440ACB56
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                                                            • API String ID: 0-3772416878
                                                                                                                                                                                                                                                            • Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                            • Instruction ID: dd5f68ded8ee8563b2a81314c2669c7d116ef2f42757b7e4de8cb6133315d1a0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44B117715083859FD325CF18C980B1BBBE0AFA9704F484A2DE5D997782D631E918CBA7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                                                            • API String ID: 0-3772416878
                                                                                                                                                                                                                                                            • Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                            • Instruction ID: 6b9defcb35fa499ff27616791264c6e5e8496363bec20089c87d7e70d31ec12b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72B136701087819FC321CF18C88061BBBE0AFA9704F444E6EF5D997382D635E918CBA7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: js{g
                                                                                                                                                                                                                                                            • API String ID: 0-1014319796
                                                                                                                                                                                                                                                            • Opcode ID: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
                                                                                                                                                                                                                                                            • Instruction ID: ba38087278895582cecd20c2364938350910473bf6be709b4f61e639a3c4dadd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14813371245B808BE7398F35C8517ABBBE2AB92718F08895CD1C39BF95C378E406CB00
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: js{g
                                                                                                                                                                                                                                                            • API String ID: 0-1014319796
                                                                                                                                                                                                                                                            • Opcode ID: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
                                                                                                                                                                                                                                                            • Instruction ID: 14be18684298a51b6f1365b8eea6b5aba3066a4a8cfe6059be97ad669d3f7baa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF815671650B804BE7398F35C8517ABBBE2AB56718F08895DD4D39BB85C378E406CB44
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID: gfff
                                                                                                                                                                                                                                                            • API String ID: 2994545307-1553575800
                                                                                                                                                                                                                                                            • Opcode ID: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
                                                                                                                                                                                                                                                            • Instruction ID: c6a45f7a1688543314b9a3a30fef6f223fff4d1289bb41df6adbe344278a34bf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F81D2717147418FD325CB39CC50BA6BBE2AB95308F18C57ED096CB7A6EA78A842C744
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction ID: a1c15f8d2965d76f99b684974ca4b7d4fad31cf5e459510de006bc151b3eede4
• Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction Fuzzy Hash: A781AD756052059FD714DF28C881A7BB7E6EF99314F19862CE6848B3A5EB31EC41CB42
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
• Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: gfff
• API String ID: 0-1553575800
• Opcode ID: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
• Instruction ID: 714589bfc6f40819c0252fe5351417c1de45a69efafccdfd74a5c303bf019ced
• Opcode Fuzzy Hash: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
• Instruction Fuzzy Hash: B571D271644B424BD315CB79C850B66BBD2AB95304F1CC57EC096CB7A6EA78E842C740
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: b6047ccb6841477b95a39c29ed17e7094dbf3d7f730a04e648923219930d6b71
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 59711832A083958FD716CE2EC88031EBBE6ABC5750F19C92DE4949B3A1D235ED458B47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: DB
• API String ID: 0-3908451873
• Opcode ID: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
• Instruction ID: 63fe74dcdf674bdd3faef37b2e0283437cd793175f1af46cf0498e51130e9ee1
• Opcode Fuzzy Hash: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
• Instruction Fuzzy Hash: A381B67AF04225CBCB18CF64D8905AEB7B2FFDA710F59806AC841AB355DB349D42CB54
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: LB
• API String ID: 0-539997225
• Opcode ID: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
• Instruction ID: 190c79d128488961cfb389f9b0ffad8fedd0031ada35975bf34f4c17adb32e46
• Opcode Fuzzy Hash: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
• Instruction Fuzzy Hash: D1618E31B412228BDB18CF29E8A12FBFBE2EF91310B58466ED4574B3C1D7389941D799
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: Y*>
• API String ID: 0-3862480330
• Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
• Instruction ID: 38ec4a9d731439dc86501d42afd90011d56cf795d160befb3a625946cb2dcf07
• Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
• Instruction Fuzzy Hash: 3E51F633B9D9914BE72C993C9C222A6AA934BD6234B3DC77BD4B1CB3E5D5B94C058340
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID: Y*>
• API String ID: 0-3862480330
• Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
• Instruction ID: 90e50e1672eaf7fe8d97f2f09bdb4033b3ef25f85dbdb073c688402916a0328e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C510573F499814BD72C893C5C223EAAA834BD6234B2DD77BE4B2CB3E4D5698C464345
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: m
                                                                                                                                                                                                                                                            • API String ID: 0-3775001192
                                                                                                                                                                                                                                                            • Opcode ID: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                                            • Instruction ID: 4f477f4f1f2510dff8f6f1a9ac2e5331550bad4f1fe2c63ff8732072b6df1f5f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE5124B19083808FD720DF65849166FBBE5AFD2304F09892DE5D94B352DA39DD09CB92
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: w
                                                                                                                                                                                                                                                            • API String ID: 0-2991200456
                                                                                                                                                                                                                                                            • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                            • Instruction ID: 7fb5e12b531fac8803d647da9c47137fd3bba8d30975a67fee4d3174c44fca4f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C94126B6E116258FD704DFA4CD855BBBB72FB84315B0AC1A8C8847B31AD77869078BD0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: w
                                                                                                                                                                                                                                                            • API String ID: 0-2991200456
                                                                                                                                                                                                                                                            • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                            • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                                            • API String ID: 0-2948842496
                                                                                                                                                                                                                                                            • Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                            • Instruction ID: 8e2250f40c23f9ef216f3511d227715363ead1e32495e035c012b936fc39770e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C3106343063086BE7109F24DC81B3BF7AAEB96714F28492CE68493291DA61EC51C756
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                                            • API String ID: 0-2948842496
                                                                                                                                                                                                                                                            • Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                            • Instruction ID: 3646f946d420ddfc8ca3f2bda83a4be6a139dc80bedba49e2a85c701459f7868
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F831077430A309ABE7148B249C81B7BB7EAEB87714F24492CE78497291D730EC50C796
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                                            • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                            • Opcode ID: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                                            • Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                                            • Instruction ID: 8b468616f4a1e7439e7d76607041ca0c2bd1e0c8c029d3e6787e200f8d56d435
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB323570A14B118FC368CF29C590A6AB7F1BF95710B608A2ED6A787F90D736F944CB11
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                            • Instruction ID: 78def27d36f824f2f095ac6d759e249478c17a260396470ebaf1a4bfcb8284b5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A602C232A0C7518BC724DE68D881BABF3E6EFD4305F19892DD98687285E734A905CF53
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                            • Instruction ID: 1131e2afb1b9b7a06d06e0851762e967182e12a53f43e8bd2da4f6050e1e8ff1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C802C732A0C7118BC724DE18D8816ABB3E2EBD4345F19893ED586A73C5D738B815CB4B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                            • Opcode ID: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                                            • Instruction ID: 6564eefc0a79269b3db00a3a3e2fdb8cf1d61b2510fe7412d98733e2447c0821
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CC128342047418FD7258F28C890AA7BBE1FF9B310F58896ED4D6477A2CB75E846CB58
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                                            • Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                                            • Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                            • Instruction ID: 937de294dcf2728e41ba19280ffb08ff112852b33244f94e2d71d6ad924684e2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3E177315087818FD724CF29C880B6BBBE5EF99300F448C2DE5D987752E275E989CB96
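The records above tie each recovered function to the memory dump it came from: the PE-backed image at 00400000 and a private region at 009C0000 that is not backed by a PE, and the same Opcode ID (d94ed56f…) appears under both regions with different Instruction Fuzzy Hashes. The following Python script is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself. It parses a constructed subset of these records (copied from the entries above, with the page's link text removed), groups the functions by dump region, and reports Opcode IDs shared across regions and regions not backed by a PE. The field names are the report's own; the interpretation that a shared Opcode ID with differing Instruction Fuzzy Hashes indicates the same opcode sequence with different operands is the editor's working assumption, not something the report states.

```python
"""Relate Joe Sandbox per-function records across memory dump regions.

Added example, not part of the Joe Sandbox report or product. SAMPLE_RECORDS
is a constructed subset of the records on this page so the script runs offline.
"""
import re
from collections import defaultdict

SAMPLE_RECORDS = """\
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
• API ID:
• String ID:
• API String ID:
• Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction ID: 78def27d36f824f2f095ac6d759e249478c17a260396470ebaf1a4bfcb8284b5
• Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction Fuzzy Hash: A602C232A0C7518BC724DE68D881BABF3E6EFD4305F19892DD98687285E734A905CF53
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
• API ID:
• String ID:
• API String ID:
• Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction ID: 1131e2afb1b9b7a06d06e0851762e967182e12a53f43e8bd2da4f6050e1e8ff1
• Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction Fuzzy Hash: C802C732A0C7118BC724DE18D8816ABB3E2EBD4345F19893ED586A73C5D738B815CB4B
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
• Instruction ID: 6564eefc0a79269b3db00a3a3e2fdb8cf1d61b2510fe7412d98733e2447c0821
• Opcode Fuzzy Hash: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
• Instruction Fuzzy Hash: 6CC128342047418FD7258F28C890AA7BBE1FF9B310F58896ED4D6477A2CB75E846CB58
"""

# "<bullet> Key: value"; key stops at the first colon, value may contain colons.
FIELD_RE = re.compile(r"^[\s•-]*([A-Za-z][A-Za-z ]*?):\s*(.*)$")
SOURCE_RE = re.compile(r"^(\S+),\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)$")


def parse_records(text):
    """Split the flat report text into one dict per function record."""
    records, current = [], None
    for raw in text.splitlines():
        if raw.strip() == "Memory Dump Source":
            current = {"fields": {}}
            records.append(current)
            continue
        m = FIELD_RE.match(raw)
        if current is None or not m:
            continue  # headings such as "Joe Sandbox IDA Plugin" carry no data
        key, value = m.group(1), m.group(2).strip()
        if key == "Source File":
            sm = SOURCE_RE.match(value)
            if sm is None:
                raise ValueError(f"unexpected Source File line: {value!r}")
            current["dump"] = sm.group(1)
            current["offset"] = int(sm.group(2), 16)
            current["pe_backed"] = sm.group(3) == "true"
        elif value:  # empty fields (API ID:, String ID:, ...) are dropped
            current["fields"][key] = value
    return records


def shared_opcode_ids(records):
    """Opcode IDs present in more than one dump region -> set of region bases.

    In these records the Opcode ID equals the Opcode Fuzzy Hash; assumption:
    a shared ID with differing Instruction Fuzzy Hashes means the same opcode
    sequence with different operands, as expected for relocated or unpacked code.
    """
    where = defaultdict(set)
    for rec in records:
        where[rec["fields"]["Opcode ID"]].add(rec["offset"])
    return {oid: offs for oid, offs in where.items() if len(offs) > 1}


def non_pe_regions(records):
    """Region bases not backed by a PE on disk, where unpacked code tends to live."""
    return sorted({rec["offset"] for rec in records if not rec["pe_backed"]})


def api_references(records):
    """(region base, API ID) for every record that resolved an API."""
    return {(r["offset"], r["fields"]["API ID"]) for r in records if "API ID" in r["fields"]}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for oid, offs in shared_opcode_ids(recs).items():
        print(oid[:16], "in", ", ".join(f"{o:#x}" for o in sorted(offs)))
    print("non-PE regions:", [f"{o:#x}" for o in non_pe_regions(recs)])
    print("API references:", api_references(recs))
```

Run against a full report export, the same parser gives a quick triage list: every Opcode ID that appears in both the original image and a non-PE-backed region, and every function in a non-PE region that resolved an API name.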
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
• Instruction ID: 93b8c5387be001e94cab0129f885dbabef0bc68014b552001e05b684e15851e5
• Opcode Fuzzy Hash: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48E19A712087418FD720DF29C880A6BBBE1EF99304F44882EE4D597792E379E944CB96
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                            • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                                            • Instruction ID: f9929a72ce68a40c3f81f5f1acad1d241ce5af9a0f8176ac8c595b8a2b44423d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDD15535B05255CFDB14CFB8E8816AEBBB2AF1A300F58417DE551A7392CB388E05CB59
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                            • Instruction ID: 83027762f4ae7f0d8ac44678af387e21718c3b67fee839a66128691b781855df
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6A12470201741CFD729DF28C8A1A6677F2EF96314719C69DD4A68F7A5EB38E801CB50
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                            • Instruction ID: c7afa36b394fec79d3864c076b52a9d2828a05187d2106694a5d2b7072183649
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30A11571205701CFD329CF28C4A19A777E2FF8A310719869DD4A68B3A5EB38AC41CB54
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                            • Instruction ID: 14400923bb182379ed7adeb316bae0befb37f9d6970c996f2f6b05a7f1c7b572
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13C103B1A0C3808BD318DF25C855B6BBBE6EBD2304F14482DE4D68B291DB35C90ACB57
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                            • Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                            • Instruction ID: 7da6427977d37263ecda1007379be9311bceddde12dc27f4926ba07ca50f9d97
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73516276B082454BE718DB29CC91B7FBBD2EBD1710F19853CE6C2972C1DA319C018346
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                            • Opcode ID: e58758c0c99ce53ee986e1c274d2b7879ae1e66bef164fde616ad3cbe13cbd39
                                                                                                                                                                                                                                                            • Instruction ID: 96e128fd99fbf524e2f3ef55e43501592b1a8fdc9f4199c5c04fa81f22471a0d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e58758c0c99ce53ee986e1c274d2b7879ae1e66bef164fde616ad3cbe13cbd39
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96517276A083404FE718DA29CC51B2BB7E3EBD9314F19953EE5C297381DA799C01838A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                            • Instruction ID: f3a51e91eb3eaa93e60038d9e997fdbc9ab83cebd7fe9f9d8ff2f4d1becb65e3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF81037160A3159FC7648B18C881A7BB7E6EFC9310F18852CFA95873A1D731EC91CB82
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                            • Opcode ID: 4e8deb904bd57a38d5db16f622e75ca6e8515c759adf41183e1257d8dc022a60
                                                                                                                                                                                                                                                            • Instruction ID: 64328250301a943c4221b3aea1d0af6b203cdad55f8ce28cbce5e8ab6c8a38f2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e8deb904bd57a38d5db16f622e75ca6e8515c759adf41183e1257d8dc022a60
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D812035A08310AFC7248F18D881A6FB7E2EF89314F14992DF9958B391DB35EC51CB86
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                            • Instruction ID: 76f2e77573fe093250bee47299e7c27c118e48fd77bdb4cdb08e55b369413d7a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5711833B9A9914BE728893D4C213A67A930BE6330F2DC77EE5F58B3E5D5694C058350
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                            • Instruction ID: c9f1a56c5cc6f557c9c63b1b84e3a6a9080bfa3b27e02a379f5ce7dab310694a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75711673B499904BE328893C4C213AB6A830FD6230F2DC77AE5B68B3E5D5698C468345
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                            • Instruction ID: 0790e38dfd482fc51d6c8cc1b5f287a1ee56b2b7830779b1c319df7a36b07ddf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75612737B243105BE718CE69CC9073AB7D6ABD9760F19C23CEA96872D0DA749C01C782
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
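The dump file names in these entries encode where each disassembled function was taken from: one set comes from the image mapped at 0x400000 (the submitted module, "based on PE: true"), the other from a private region at 0x9C0000 that is not backed by a PE ("based on PE: false"), which is the typical home of an unpacked stage and matches the report's "Detected unpacking" signatures. As an added example (not Joe Sandbox code and not taken from this report), the following Python parses the dump names listed in this section and flags the writable-and-executable region that is not image-backed. The field layout of the name is an assumption inferred from the names on this page; the numeric constants are the standard Windows MEMORY_BASIC_INFORMATION values, and the sixth field is kept raw because its meaning is not stated here.

```python
"""Triage Joe Sandbox .sdmp names for unpacked-stage candidates.

Added example, not Joe Sandbox's own tooling. The name layout below is an
assumption inferred from the dump names in this report:
  <pid>.<phase>.<ordinal>.<base>.<protect>.<field6>.<type>.<index>.sdmp
"""
import re
from dataclasses import dataclass

# Standard Windows memory constants (MEMORY_BASIC_INFORMATION).
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000

EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_EXEC_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# Dump names copied verbatim from this report's entries.
REPORT_DUMPS = [
    "00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp",
]

# Assumed field layout (see module docstring); field6 is not interpreted.
_SDMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<phase>[0-9A-Fa-f]{8})\.(?P<ordinal>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<field6>[0-9A-Fa-f]{8})\."
    r"(?P<memtype>[0-9A-Fa-f]{8})\.(?P<index>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    pid: int
    base: int
    protect: int
    mem_type: int
    index: int

    @property
    def image_backed(self) -> bool:
        # MEM_IMAGE regions are backed by a mapped PE file on disk.
        return self.mem_type == MEM_IMAGE

    @property
    def writable_executable(self) -> bool:
        return bool(self.protect & WRITE_EXEC_MASK)

    def verdict(self) -> str:
        # RWX memory that no file backs is where unpacked or injected code lives.
        if self.writable_executable and not self.image_backed:
            return "unpacked-stage-candidate"
        if self.writable_executable and self.image_backed:
            # A mapped image whose protections were changed to RWX, consistent
            # with a packer rewriting its own section rights.
            return "image-with-rewritten-protections"
        if self.protect & EXEC_MASK:
            return "executable"
        return "data"


def parse_sdmp_name(name: str) -> DumpRegion:
    m = _SDMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    return DumpRegion(
        name=name,
        pid=int(m["pid"], 16),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["memtype"], 16),
        index=int(m["index"], 16),
    )


def triage(names):
    """Map each dump name to a verdict, unpacked-stage candidates first."""
    regions = [parse_sdmp_name(n) for n in names]
    regions.sort(key=lambda r: (r.verdict() != "unpacked-stage-candidate", r.base))
    return {r.name: r.verdict() for r in regions}


if __name__ == "__main__":
    for name, verdict in triage(REPORT_DUMPS).items():
        print(f"{verdict:34s} {name}")
```

Run on the names above, the 0x9C0000 dump is the only candidate; the 0x400000 and 0x452000 dumps are image-backed but already RWX, which is what the "changes PE section rights" signature describes. Start reversing the config and string-decryption routines from the candidate dump rather than the on-disk file.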
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: e2defeb47ced1666dcc5d40c491d5d47036e27bb510cd2a5827aa3a977f25a96
                                                                                                                                                                                                                                                            • Instruction ID: e0a57f83dc16a7a8da3cda248db75e741f620206b22b691e391221bf57496f6d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2defeb47ced1666dcc5d40c491d5d47036e27bb510cd2a5827aa3a977f25a96
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8616837B193105BD718CE69CC9066BB7D2ABCD320F09922EE995833D1CAB88C02C385
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                            • Instruction ID: 8bc4762e59896548e8539732e091857b1e709d8c9c96e99bd281e68fec12c93a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6711727A4AAD04BD32A893D4C712AA7A830BD6330F6DC77FE9F5473E6D5694C068341
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                            • Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF712827B49AA04BD318893C5C612A66AA30FD2330FEDC77FE9F1473D5D5694C0A8359
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                            • Instruction ID: 42151f1d9cad96be5876f442ad389e44ae92a4d83b39cf604f39fc3c00195241
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 785134716083059BD7249F19C881A3FB7E7EFDA314F29883CE785473A5EA71AC518742
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                            • Opcode ID: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                                            • Instruction ID: c6b6bb5faf057b6a68f3e5ff18d61b6d7d9c128f7451342645401fa614298587
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3514831A083009FD7249F18E881A2BB7E2EFDD310F25A93DE58547351EA75DC51C74A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                            • Instruction ID: 8844d7b3f2b5bb31e40242ad6866fa9e8653b1c6f18aecb2a414f1cb34990b30
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E871AE71D043699FEB25CFA9CD817DDBBB2FB80310F18816DD459AF289DB7419468B80
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                            • Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6771AF72D043689FEB25CFA9CD817DDBBB2FB80310F18816DD459AB289DB741946CB84
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                            • Instruction ID: 02f03cbd6dabd8d9e0a7f00e636d3e6b3d754e7c1b5235f833dfd19c6d897341
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E6146356483904FC725DF38C851A2A7BE1AF96310F48C6AEE8E48B3D2DA75DC05D792
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                            • Instruction ID: 3e54edccfae4d99a9dc067fb7438e7a0f7318be64c596df77be4d10cba28c441
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E651A173B569104BC71CC93C9DA166AA6D3ABD933076E873DD476CB7D4EE78E8028600
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                            • Instruction ID: 4010dde4b58cd7c1a7d9c04c6fc9b1b9b3b6a42bc718cf90d58e2fb860184ef9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4415A76E687188FC328EF64D8C057AB3A2ABDA314F1E853CCAD617354DBB45D008749
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                            • Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                            • Instruction ID: b3e801c7307bfb84cf240dc7f977372f3d86559466721ebbcb35b78b044d1f8c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7841B4A010C3D18ADB368F3980607BBBBD59FA3219F1849ADC3D597642D7754407C759
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                            • Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                            • Instruction ID: 1e5f8e9dd71f954e57c32826a3fb58c008a87b26d108d8442aa760d2792580b0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8051477991C3418BD324CF24D840A6BBBF2EFD6315F18995CF88AA72A5DB309906C746
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction ID: c163e5bb439992626a64a78d599d8a9923de768b2e1300b4515e58578f374b3b
• Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction Fuzzy Hash: D14115B1A406018BD7248F3DC891B7677E2EF96314F28D52EE4D2CBBA5EA39D805C710

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
• Instruction ID: 099d043e6f678413bccdacd64d94b0a9fbcdd73d955a7c422a447842a924b7ea
• Opcode Fuzzy Hash: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
• Instruction Fuzzy Hash: 254138B564C3805FD7148B24CC96BB77BE4EF56704F1C546CE486C7292E7254903DB16

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: b60a6cb105c8edc7fadb63993397744294c2da52793d80816cf724e1cea8d29d
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: 6941A3A010C3D18ADB368B3590607BBBFD4AFA3219F14599CC3D6A7683D7354407CB5A

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction ID: bf38ea545306542e42e3e81d6529ba5bb66603536c99235d4cc0f562127f6555
• Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction Fuzzy Hash: 1E414AB5A9875C8FC228BF54DCC057AB3A5AF96320F2E492CD7E517361E7A09D008745

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
• Instruction ID: bdc763d3058119611c7ecd8a8528ac1cd9b09ae5f9eb0b7e174c524916cf2ae7
• Opcode Fuzzy Hash: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
• Instruction Fuzzy Hash: 6A41F33A308610CFCB08CF78E9E055A73A2FBCB315F29847DD54547622C775A956CB44

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 5b1eda8736e03562550afe7403ae1c0f169ff35a6029fa5b0e48a2d767cfd84a
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: CD313975A9875C8FC328EF94E8C057AB3A5AB8B310F1E452C86E51B361D7B09D008749

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
• Instruction ID: d2fcd17a149581569d89156d5130c2406d9f6d06808cc1e7a9cf0ffef84a1c0a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF418FB26083908BD734CF24C85179FBAF5EBD1214F498E2C94CAAB345E73589058B87
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                            • Instruction ID: abbe94ee23fb3eedbf705e505d035a71fa9a0c34810af6ef5f65b7f2a2cc107d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 663182A010C3D18ADB368F259060BFBBBE4AF93219F14899DC3D5A7683D7344447CB5A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                            • Instruction ID: b42fab03c903997d7113ea1084426987d791aa9b0089be49680aff17bb5e8235
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69312BB411C3C14BD7B64F295860BBABBD6DF93304F28596CD0CA87192DB364C46CB16
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                            • Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                            • Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                            • Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                            • Instruction ID: d912d676b3b287681862246227907f98104e0542653342f53e8410b9252515bd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0831A5B26183848FC326CFA58C8067BB312EBD2744F1C893EDA8983342DB78CD019742
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                            • Instruction ID: d9df50bbea2a7b121145cd2ad7ea08d2872e95ec0c7f694b876fd5e93d1e1cab
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631F734A1A5019BE725AB198C40F36776BFBD6300F68D63CE0C5832A4DF34AC118B16
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
• Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
• Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
• Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
• Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: a56b66b1c0ad174566fd43dde990850dfb6284b0fc577e1a2594264cf776ffb5
• Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction Fuzzy Hash: AA21292171869547D718DE3EC8D113BFBD79BDB214B08C63EC6E2875D5CA34D9058704

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
• Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction ID: a8a88f66a948199d9ab86c1d54de249fc78ec054acc6e98267bd9afdb420e572
• Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction Fuzzy Hash: 3921F674654B019FD360CF28D880B27B7A3EBD6324F24C668E59547796DB34EC82DB44

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
• Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: ce62818308ae7bdb154201fc2d3ff34faff8338a998fbc62525ce767b35287c5
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: B9112733F1652107A350DF369CD8B1B6397E7C5310B1A053CE942D7281CA36FD02E295

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction ID: 0c025545483cd524a026949a06bef9e2177fffe204d37832eadc3b4974fa88f6
• Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction Fuzzy Hash: EF1123716543809BCB19CF65DCD1A7EB3A5AB96308F49983CE1D2C7251C674CC008B46

Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: e2f1d7855954e7e78f6ee2fbe7e7f4982b2c8b42b1afe0461302a20849d8f178
• Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction Fuzzy Hash: F4116F75B587484FC318EFA4EDC027AB3A5AF86310F1D843C86E647761D7608D108749

Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                            • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                            • Instruction ID: 66e3d919cabd9008f1648661f1b6c40843d5554ac5136e7ca7a2f3e847cd38ce
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0014970B442405BFB584B28CC51B3AB353F7D3740F65D12DE181AB2D1EE708C019B06
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                            • Instruction ID: 325ad47f3f35b7018f5dfbf334106e72538c0d548859767fa3415faf74eb36b2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD11E933B051D94EC3168D3C8400579BFA30AA3275F19C399F5F49B2D2C62B8ECA9760
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                            • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                            • Instruction ID: f6a6c6feda109bfd6b5017498a472b99b62832f81989f54cf0cd2336441b1377
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E019EF1A0038157E722BE2284C1B27B3EC6F81714F28042CE98D47201DB62EC4687A6
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                            • Instruction ID: 59ba114da3f8854bf247c193e16cbee8aac58c436cc9135bdbeee2893d7b88e9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B91122763547404BD718CF68D8E06BAB3E5AB86305F4A943CE4C2C3390CAB8C9058B46
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                            • Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                            • Instruction ID: 56a64e090648efff7e6e0b6177665a9a26fb6be2a23a229aba5f4e75d64fd64f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F0EDB1688305BAF6248A00CC43F7BB6B49B95B04F301518B344790E0E5E1B549870E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                            • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                            • Instruction ID: 1ea1d1274454d6d2fb9e2f62fb172d3652c5b1997d4314d1e7c3da0f968fe5af
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8F0A735B456808BE704CF38E82195ABBF6E387324F145A7DD641D3751D639C8018705
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                            • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                            • Instruction ID: cb4d285f35cf82537c10943a77f5103afb1fc32aff7a79792f7101928c680600
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3D0972480C6FAC30E2B0E1601102BCBB360A337A1B1A75E4DCC13F882CB76EC071268
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                            • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                            • Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
• Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
• Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
• Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: 89188059d1bd6bc7d36b1e1dcb2ebf9795ea18688cccf5ef68456feb7b5d4c34
• Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction Fuzzy Hash: 5F419F7090C7818ED301EF78988836FBEE09FC6314F084A7DE5E986392D6788548D793
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 9e15aa1912edae55f672a90081fab7665418563c33aaa06b282bf3f4d0c0e8c3
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 9C414B7110CBC18ED321DB38845865EBFD16BE6220F188A9DE1F5873E2D6748549CB53
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_sNWQ2gC6if.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
• Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86
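The records above are Joe Sandbox's per-function fingerprints: an API ID built from fragments of the imported API names, string and opcode/instruction IDs, and the memory dump each function was lifted from. Reading them by hand across dumps is tedious, so the following Python, added here as an example and not part of the report or of Joe Sandbox's own tooling, parses records in that layout, splits the API ID into its word fragments, and lists Opcode IDs that recur across dump sources (here the Variant$ClearInit function at the mapped image 00400000 and again in the non-PE region at 009C0000, with different Instruction IDs). Assumptions: the record layout and the "• " bullet prefix are inferred from the lines above; the "Download File" suffix on Associated lines is treated as extraction residue; the hash values themselves are not recomputed, only compared.

```python
"""Parse Joe Sandbox "IDA Plugin" per-function records and cross-reference them
across memory dumps. Added example; record layout inferred from the report,
not taken from Joe Sandbox documentation or code."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BULLET = "\u2022"  # the report prefixes every data field with "• "
SOURCE_RE = re.compile(
    r"^(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)$"
)


@dataclass
class FunctionRecord:
    fields: Dict[str, str] = field(default_factory=dict)  # "API ID", "Opcode ID", ...
    source_file: str = ""
    source_offset: str = ""  # hex base of the dump the function was lifted from
    based_on_pe: Optional[bool] = None
    associated: List[str] = field(default_factory=list)

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")

    @property
    def opcode_id(self) -> str:
        return self.fields.get("Opcode ID", "")

    def api_tokens(self) -> List[str]:
        """Split the API ID into word fragments: '$' separates groups, CamelCase
        separates words inside a group. Full Win32 names are not reconstructed."""
        return [t for g in self.api_id.split("$") for t in re.findall(r"[A-Z][a-z0-9]*", g)]


def parse_records(text: str) -> List[FunctionRecord]:
    """One record per function; each 'API ID' bullet starts a new record."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(BULLET):
            continue  # "APIs", "Strings", "Similarity", ... are collapsed section labels
        key, _, value = line[len(BULLET):].partition(":")
        key, value = key.strip(), value.strip()
        if key == "API ID":
            current = FunctionRecord()
            records.append(current)
        if current is None:
            continue
        if key == "Source File":
            m = SOURCE_RE.match(value)
            current.source_file = m["file"] if m else value
            if m:
                current.source_offset = m["offset"].upper()
                current.based_on_pe = m["pe"] == "true"
        elif key == "Associated":
            # HTML extraction glues the "Download File" link text onto the dump name
            current.associated.append(re.sub(r"\s*Download File$", "", value))
        else:
            current.fields[key] = value
    return records


def shared_opcodes(records: List[FunctionRecord]) -> Dict[str, List[str]]:
    """Opcode IDs seen in more than one dump, mapped to the sorted dump offsets.
    The same Opcode ID in the mapped image and in a later non-PE region is what
    a copy of the sample's own code, written out during unpacking, looks like."""
    seen: Dict[str, set] = defaultdict(set)
    for r in records:
        if r.opcode_id:
            seen[r.opcode_id].add(r.source_offset)
    return {op: sorted(offs) for op, offs in seen.items() if len(offs) > 1}


def find_by_api_token(records: List[FunctionRecord], token: str) -> List[FunctionRecord]:
    """Functions whose API ID mentions a fragment such as 'Clipboard' or 'Variant'."""
    return [r for r in records if token in r.api_tokens()]


# Constructed sample: three records copied from the report, whitespace trimmed
# and the fuzzy-hash lines dropped for brevity.
SAMPLE = """\
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
• Snapshot File: hcaresult_0_2_9c0000_sNWQ2gC6if.jbxd
• API ID: Variant$ClearInit
• String ID: L
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Source File: 00000000.00000002.1606722532.00000000009C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false
• API ID: Variant$ClearInit
• String ID: L
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Source File: 00000000.00000002.1606218159.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1606218159.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
"""
```

Running `shared_opcodes(parse_records(SAMPLE))` returns the single Variant$ClearInit Opcode ID mapped to both 00400000 and 009C0000; `find_by_api_token(records, "Clipboard")` picks out the function whose API fragments (Open, Data, Lock, Unlock, Close) correspond to the clipboard-reading behaviour flagged in the Signatures section. Pasting a full report's function listing into `parse_records` instead of SAMPLE works unchanged, since the parser ignores the section labels and tolerates empty fields.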